Malicious
Classifications
Keylogger Backdoor Spyware
Threat Names
Remcos C2/Generic-A Mal/Generic-S Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2024-04-22T09:51:56+00:00
SOA FOR MARCH USD112,450.00.bat
Windows Batch File
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 minutes, 53 seconds" to "98.0 milliseconds" to reveal dormant functionality.
Remarks
(0x0200004A): 266 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 1321 MB.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\SOA FOR MARCH USD112,450.00.bat | Sample File | Batch |
Malicious
|
...
|
»
| MIME Type | application/x-bat |
| File Size | 4.31 MB |
| MD5 |
e076bf46076a4b31362f496e9f42e992
|
| SHA1 |
c8a38b711b31d0f8e6901ccaa32cbd923bcf54c3
|
| SHA256 |
721c9d4f52aa4e1a46a73887e0372146e8a4575e3f74250a596ddb3344a86bb9
|
| SSDeep |
49152:fHZjpt3K90OHGHS/jltrYcZ4t6CgGP9KUJb0tDNm5Rg4/VuqK1BdeW9e6P:c
|
| ImpHash | - |
| C:\\Users\\Public\\Libraries\\sppsvc.pif | Dropped File | Binary |
Malicious
|
...
|
»
| Also Known As |
C:\Users\Public\Libraries\sppsvc.pif (Accessed File)
\??\C:\Users\Public\Libraries\sppsvc.pif (Accessed File) c:\users\public\libraries\qdcbusyr.pif (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.56 MB |
| MD5 |
284ab04083ce4ead0cbefae003e3b5df
|
| SHA1 |
020912a9dd4ccd17b311f88744c9794140bfb492
|
| SHA256 |
6207347de65bb779dd87a61de0a872f1b9dbcaa7c88ffc68ab1670d1bf5d983b
|
| SSDeep |
24576:7MkT4gLKu9KKozJQd/HJNRO/BaM6wIJp4m+3bu8U2flxAv:QkTpT9K1mzyaM6wW4mEQ2W
|
| ImpHash |
55bb4abe492867a8202968458cfd638d
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x004575C0 |
| Size Of Code | 0x00056800 |
| Size Of Initialized Data | 0x00139800 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 1992-06-19 22:22 (UTC) |
| Packer | BobSoft Mini Delphi -> BoB / BobSoft |
Sections (9)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| CODE | 0x00401000 | 0x00056608 | 0x00056800 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.52 |
| DATA | 0x00458000 | 0x001147CC | 0x00114800 | 0x00056C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.62 |
| BSS | 0x0056D000 | 0x00000D5D | 0x00000000 | 0x0016B400 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .idata | 0x0056E000 | 0x00002066 | 0x00002200 | 0x0016B400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.89 |
| .edata | 0x00571000 | 0x00000078 | 0x00000200 | 0x0016D600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 1.54 |
| .tls | 0x00572000 | 0x00000010 | 0x00000000 | 0x0016D800 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rdata | 0x00573000 | 0x00000018 | 0x00000200 | 0x0016D800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 0.21 |
| .reloc | 0x00574000 | 0x00006328 | 0x00006400 | 0x0016DA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 6.69 |
| .rsrc | 0x0057B000 | 0x0001C600 | 0x0001C600 | 0x00173E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 4.18 |
Imports (14)
»
kernel32.dll (42)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeleteCriticalSection | - | 0x0056E12C | 0x0016E12C | 0x0016B52C | 0x00000000 |
| LeaveCriticalSection | - | 0x0056E130 | 0x0016E130 | 0x0016B530 | 0x00000000 |
| EnterCriticalSection | - | 0x0056E134 | 0x0016E134 | 0x0016B534 | 0x00000000 |
| InitializeCriticalSection | - | 0x0056E138 | 0x0016E138 | 0x0016B538 | 0x00000000 |
| VirtualFree | - | 0x0056E13C | 0x0016E13C | 0x0016B53C | 0x00000000 |
| VirtualAlloc | - | 0x0056E140 | 0x0016E140 | 0x0016B540 | 0x00000000 |
| LocalFree | - | 0x0056E144 | 0x0016E144 | 0x0016B544 | 0x00000000 |
| LocalAlloc | - | 0x0056E148 | 0x0016E148 | 0x0016B548 | 0x00000000 |
| GetVersion | - | 0x0056E14C | 0x0016E14C | 0x0016B54C | 0x00000000 |
| GetCurrentThreadId | - | 0x0056E150 | 0x0016E150 | 0x0016B550 | 0x00000000 |
| InterlockedDecrement | - | 0x0056E154 | 0x0016E154 | 0x0016B554 | 0x00000000 |
| InterlockedIncrement | - | 0x0056E158 | 0x0016E158 | 0x0016B558 | 0x00000000 |
| VirtualQuery | - | 0x0056E15C | 0x0016E15C | 0x0016B55C | 0x00000000 |
| WideCharToMultiByte | - | 0x0056E160 | 0x0016E160 | 0x0016B560 | 0x00000000 |
| MultiByteToWideChar | - | 0x0056E164 | 0x0016E164 | 0x0016B564 | 0x00000000 |
| lstrlenA | - | 0x0056E168 | 0x0016E168 | 0x0016B568 | 0x00000000 |
| lstrcpynA | - | 0x0056E16C | 0x0016E16C | 0x0016B56C | 0x00000000 |
| LoadLibraryExA | - | 0x0056E170 | 0x0016E170 | 0x0016B570 | 0x00000000 |
| GetThreadLocale | - | 0x0056E174 | 0x0016E174 | 0x0016B574 | 0x00000000 |
| GetStartupInfoA | - | 0x0056E178 | 0x0016E178 | 0x0016B578 | 0x00000000 |
| GetProcAddress | - | 0x0056E17C | 0x0016E17C | 0x0016B57C | 0x00000000 |
| GetModuleHandleA | - | 0x0056E180 | 0x0016E180 | 0x0016B580 | 0x00000000 |
| GetModuleFileNameA | - | 0x0056E184 | 0x0016E184 | 0x0016B584 | 0x00000000 |
| GetLocaleInfoA | - | 0x0056E188 | 0x0016E188 | 0x0016B588 | 0x00000000 |
| GetLastError | - | 0x0056E18C | 0x0016E18C | 0x0016B58C | 0x00000000 |
| GetCommandLineA | - | 0x0056E190 | 0x0016E190 | 0x0016B590 | 0x00000000 |
| FreeLibrary | - | 0x0056E194 | 0x0016E194 | 0x0016B594 | 0x00000000 |
| FindFirstFileA | - | 0x0056E198 | 0x0016E198 | 0x0016B598 | 0x00000000 |
| FindClose | - | 0x0056E19C | 0x0016E19C | 0x0016B59C | 0x00000000 |
| ExitProcess | - | 0x0056E1A0 | 0x0016E1A0 | 0x0016B5A0 | 0x00000000 |
| WriteFile | - | 0x0056E1A4 | 0x0016E1A4 | 0x0016B5A4 | 0x00000000 |
| UnhandledExceptionFilter | - | 0x0056E1A8 | 0x0016E1A8 | 0x0016B5A8 | 0x00000000 |
| SetFilePointer | - | 0x0056E1AC | 0x0016E1AC | 0x0016B5AC | 0x00000000 |
| SetEndOfFile | - | 0x0056E1B0 | 0x0016E1B0 | 0x0016B5B0 | 0x00000000 |
| RtlUnwind | - | 0x0056E1B4 | 0x0016E1B4 | 0x0016B5B4 | 0x00000000 |
| ReadFile | - | 0x0056E1B8 | 0x0016E1B8 | 0x0016B5B8 | 0x00000000 |
| RaiseException | - | 0x0056E1BC | 0x0016E1BC | 0x0016B5BC | 0x00000000 |
| GetStdHandle | - | 0x0056E1C0 | 0x0016E1C0 | 0x0016B5C0 | 0x00000000 |
| GetFileSize | - | 0x0056E1C4 | 0x0016E1C4 | 0x0016B5C4 | 0x00000000 |
| GetFileType | - | 0x0056E1C8 | 0x0016E1C8 | 0x0016B5C8 | 0x00000000 |
| CreateFileA | - | 0x0056E1CC | 0x0016E1CC | 0x0016B5CC | 0x00000000 |
| CloseHandle | - | 0x0056E1D0 | 0x0016E1D0 | 0x0016B5D0 | 0x00000000 |
user32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetKeyboardType | - | 0x0056E1D8 | 0x0016E1D8 | 0x0016B5D8 | 0x00000000 |
| LoadStringA | - | 0x0056E1DC | 0x0016E1DC | 0x0016B5DC | 0x00000000 |
| MessageBoxA | - | 0x0056E1E0 | 0x0016E1E0 | 0x0016B5E0 | 0x00000000 |
| CharNextA | - | 0x0056E1E4 | 0x0016E1E4 | 0x0016B5E4 | 0x00000000 |
advapi32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegQueryValueExA | - | 0x0056E1EC | 0x0016E1EC | 0x0016B5EC | 0x00000000 |
| RegOpenKeyExA | - | 0x0056E1F0 | 0x0016E1F0 | 0x0016B5F0 | 0x00000000 |
| RegCloseKey | - | 0x0056E1F4 | 0x0016E1F4 | 0x0016B5F4 | 0x00000000 |
oleaut32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysFreeString | - | 0x0056E1FC | 0x0016E1FC | 0x0016B5FC | 0x00000000 |
| SysReAllocStringLen | - | 0x0056E200 | 0x0016E200 | 0x0016B600 | 0x00000000 |
| SysAllocStringLen | - | 0x0056E204 | 0x0016E204 | 0x0016B604 | 0x00000000 |
kernel32.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TlsSetValue | - | 0x0056E20C | 0x0016E20C | 0x0016B60C | 0x00000000 |
| TlsGetValue | - | 0x0056E210 | 0x0016E210 | 0x0016B610 | 0x00000000 |
| LocalAlloc | - | 0x0056E214 | 0x0016E214 | 0x0016B614 | 0x00000000 |
| GetModuleHandleA | - | 0x0056E218 | 0x0016E218 | 0x0016B618 | 0x00000000 |
advapi32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegQueryValueExA | - | 0x0056E220 | 0x0016E220 | 0x0016B620 | 0x00000000 |
| RegOpenKeyExA | - | 0x0056E224 | 0x0016E224 | 0x0016B624 | 0x00000000 |
| RegCloseKey | - | 0x0056E228 | 0x0016E228 | 0x0016B628 | 0x00000000 |
kernel32.dll (62)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| lstrcpyA | - | 0x0056E230 | 0x0016E230 | 0x0016B630 | 0x00000000 |
| WriteFile | - | 0x0056E234 | 0x0016E234 | 0x0016B634 | 0x00000000 |
| WaitForSingleObject | - | 0x0056E238 | 0x0016E238 | 0x0016B638 | 0x00000000 |
| VirtualQuery | - | 0x0056E23C | 0x0016E23C | 0x0016B63C | 0x00000000 |
| VirtualAlloc | - | 0x0056E240 | 0x0016E240 | 0x0016B640 | 0x00000000 |
| Sleep | - | 0x0056E244 | 0x0016E244 | 0x0016B644 | 0x00000000 |
| SizeofResource | - | 0x0056E248 | 0x0016E248 | 0x0016B648 | 0x00000000 |
| SetThreadLocale | - | 0x0056E24C | 0x0016E24C | 0x0016B64C | 0x00000000 |
| SetFilePointer | - | 0x0056E250 | 0x0016E250 | 0x0016B650 | 0x00000000 |
| SetEvent | - | 0x0056E254 | 0x0016E254 | 0x0016B654 | 0x00000000 |
| SetErrorMode | - | 0x0056E258 | 0x0016E258 | 0x0016B658 | 0x00000000 |
| SetEndOfFile | - | 0x0056E25C | 0x0016E25C | 0x0016B65C | 0x00000000 |
| ResetEvent | - | 0x0056E260 | 0x0016E260 | 0x0016B660 | 0x00000000 |
| ReadFile | - | 0x0056E264 | 0x0016E264 | 0x0016B664 | 0x00000000 |
| MulDiv | - | 0x0056E268 | 0x0016E268 | 0x0016B668 | 0x00000000 |
| LockResource | - | 0x0056E26C | 0x0016E26C | 0x0016B66C | 0x00000000 |
| LoadResource | - | 0x0056E270 | 0x0016E270 | 0x0016B670 | 0x00000000 |
| LoadLibraryA | - | 0x0056E274 | 0x0016E274 | 0x0016B674 | 0x00000000 |
| LeaveCriticalSection | - | 0x0056E278 | 0x0016E278 | 0x0016B678 | 0x00000000 |
| InitializeCriticalSection | - | 0x0056E27C | 0x0016E27C | 0x0016B67C | 0x00000000 |
| GlobalUnlock | - | 0x0056E280 | 0x0016E280 | 0x0016B680 | 0x00000000 |
| GlobalReAlloc | - | 0x0056E284 | 0x0016E284 | 0x0016B684 | 0x00000000 |
| GlobalHandle | - | 0x0056E288 | 0x0016E288 | 0x0016B688 | 0x00000000 |
| GlobalLock | - | 0x0056E28C | 0x0016E28C | 0x0016B68C | 0x00000000 |
| GlobalFree | - | 0x0056E290 | 0x0016E290 | 0x0016B690 | 0x00000000 |
| GlobalFindAtomA | - | 0x0056E294 | 0x0016E294 | 0x0016B694 | 0x00000000 |
| GlobalDeleteAtom | - | 0x0056E298 | 0x0016E298 | 0x0016B698 | 0x00000000 |
| GlobalAlloc | - | 0x0056E29C | 0x0016E29C | 0x0016B69C | 0x00000000 |
| GlobalAddAtomA | - | 0x0056E2A0 | 0x0016E2A0 | 0x0016B6A0 | 0x00000000 |
| GetVersionExA | - | 0x0056E2A4 | 0x0016E2A4 | 0x0016B6A4 | 0x00000000 |
| GetVersion | - | 0x0056E2A8 | 0x0016E2A8 | 0x0016B6A8 | 0x00000000 |
| GetTickCount | - | 0x0056E2AC | 0x0016E2AC | 0x0016B6AC | 0x00000000 |
| GetThreadLocale | - | 0x0056E2B0 | 0x0016E2B0 | 0x0016B6B0 | 0x00000000 |
| GetSystemInfo | - | 0x0056E2B4 | 0x0016E2B4 | 0x0016B6B4 | 0x00000000 |
| GetStringTypeExA | - | 0x0056E2B8 | 0x0016E2B8 | 0x0016B6B8 | 0x00000000 |
| GetStdHandle | - | 0x0056E2BC | 0x0016E2BC | 0x0016B6BC | 0x00000000 |
| GetProcAddress | - | 0x0056E2C0 | 0x0016E2C0 | 0x0016B6C0 | 0x00000000 |
| GetModuleHandleA | - | 0x0056E2C4 | 0x0016E2C4 | 0x0016B6C4 | 0x00000000 |
| GetModuleFileNameA | - | 0x0056E2C8 | 0x0016E2C8 | 0x0016B6C8 | 0x00000000 |
| GetLocaleInfoA | - | 0x0056E2CC | 0x0016E2CC | 0x0016B6CC | 0x00000000 |
| GetLocalTime | - | 0x0056E2D0 | 0x0016E2D0 | 0x0016B6D0 | 0x00000000 |
| GetLastError | - | 0x0056E2D4 | 0x0016E2D4 | 0x0016B6D4 | 0x00000000 |
| GetFullPathNameA | - | 0x0056E2D8 | 0x0016E2D8 | 0x0016B6D8 | 0x00000000 |
| GetDiskFreeSpaceA | - | 0x0056E2DC | 0x0016E2DC | 0x0016B6DC | 0x00000000 |
| GetDateFormatA | - | 0x0056E2E0 | 0x0016E2E0 | 0x0016B6E0 | 0x00000000 |
| GetCurrentThreadId | - | 0x0056E2E4 | 0x0016E2E4 | 0x0016B6E4 | 0x00000000 |
| GetCurrentProcessId | - | 0x0056E2E8 | 0x0016E2E8 | 0x0016B6E8 | 0x00000000 |
| GetCPInfo | - | 0x0056E2EC | 0x0016E2EC | 0x0016B6EC | 0x00000000 |
| GetACP | - | 0x0056E2F0 | 0x0016E2F0 | 0x0016B6F0 | 0x00000000 |
| FreeResource | - | 0x0056E2F4 | 0x0016E2F4 | 0x0016B6F4 | 0x00000000 |
| InterlockedExchange | - | 0x0056E2F8 | 0x0016E2F8 | 0x0016B6F8 | 0x00000000 |
| FreeLibrary | - | 0x0056E2FC | 0x0016E2FC | 0x0016B6FC | 0x00000000 |
| FormatMessageA | - | 0x0056E300 | 0x0016E300 | 0x0016B700 | 0x00000000 |
| FindResourceA | - | 0x0056E304 | 0x0016E304 | 0x0016B704 | 0x00000000 |
| EnumCalendarInfoA | - | 0x0056E308 | 0x0016E308 | 0x0016B708 | 0x00000000 |
| EnterCriticalSection | - | 0x0056E30C | 0x0016E30C | 0x0016B70C | 0x00000000 |
| DeleteCriticalSection | - | 0x0056E310 | 0x0016E310 | 0x0016B710 | 0x00000000 |
| CreateThread | - | 0x0056E314 | 0x0016E314 | 0x0016B714 | 0x00000000 |
| CreateFileA | - | 0x0056E318 | 0x0016E318 | 0x0016B718 | 0x00000000 |
| CreateEventA | - | 0x0056E31C | 0x0016E31C | 0x0016B71C | 0x00000000 |
| CompareStringA | - | 0x0056E320 | 0x0016E320 | 0x0016B720 | 0x00000000 |
| CloseHandle | - | 0x0056E324 | 0x0016E324 | 0x0016B724 | 0x00000000 |
version.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VerQueryValueA | - | 0x0056E32C | 0x0016E32C | 0x0016B72C | 0x00000000 |
| GetFileVersionInfoSizeA | - | 0x0056E330 | 0x0016E330 | 0x0016B730 | 0x00000000 |
| GetFileVersionInfoA | - | 0x0056E334 | 0x0016E334 | 0x0016B734 | 0x00000000 |
gdi32.dll (56)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| UnrealizeObject | - | 0x0056E33C | 0x0016E33C | 0x0016B73C | 0x00000000 |
| StretchBlt | - | 0x0056E340 | 0x0016E340 | 0x0016B740 | 0x00000000 |
| SetWindowOrgEx | - | 0x0056E344 | 0x0016E344 | 0x0016B744 | 0x00000000 |
| SetViewportOrgEx | - | 0x0056E348 | 0x0016E348 | 0x0016B748 | 0x00000000 |
| SetTextColor | - | 0x0056E34C | 0x0016E34C | 0x0016B74C | 0x00000000 |
| SetStretchBltMode | - | 0x0056E350 | 0x0016E350 | 0x0016B750 | 0x00000000 |
| SetROP2 | - | 0x0056E354 | 0x0016E354 | 0x0016B754 | 0x00000000 |
| SetPixel | - | 0x0056E358 | 0x0016E358 | 0x0016B758 | 0x00000000 |
| SetDIBColorTable | - | 0x0056E35C | 0x0016E35C | 0x0016B75C | 0x00000000 |
| SetBrushOrgEx | - | 0x0056E360 | 0x0016E360 | 0x0016B760 | 0x00000000 |
| SetBkMode | - | 0x0056E364 | 0x0016E364 | 0x0016B764 | 0x00000000 |
| SetBkColor | - | 0x0056E368 | 0x0016E368 | 0x0016B768 | 0x00000000 |
| SelectPalette | - | 0x0056E36C | 0x0016E36C | 0x0016B76C | 0x00000000 |
| SelectObject | - | 0x0056E370 | 0x0016E370 | 0x0016B770 | 0x00000000 |
| SaveDC | - | 0x0056E374 | 0x0016E374 | 0x0016B774 | 0x00000000 |
| RestoreDC | - | 0x0056E378 | 0x0016E378 | 0x0016B778 | 0x00000000 |
| Rectangle | - | 0x0056E37C | 0x0016E37C | 0x0016B77C | 0x00000000 |
| RectVisible | - | 0x0056E380 | 0x0016E380 | 0x0016B780 | 0x00000000 |
| RealizePalette | - | 0x0056E384 | 0x0016E384 | 0x0016B784 | 0x00000000 |
| PatBlt | - | 0x0056E388 | 0x0016E388 | 0x0016B788 | 0x00000000 |
| MoveToEx | - | 0x0056E38C | 0x0016E38C | 0x0016B78C | 0x00000000 |
| MaskBlt | - | 0x0056E390 | 0x0016E390 | 0x0016B790 | 0x00000000 |
| LineTo | - | 0x0056E394 | 0x0016E394 | 0x0016B794 | 0x00000000 |
| IntersectClipRect | - | 0x0056E398 | 0x0016E398 | 0x0016B798 | 0x00000000 |
| GetWindowOrgEx | - | 0x0056E39C | 0x0016E39C | 0x0016B79C | 0x00000000 |
| GetTextMetricsA | - | 0x0056E3A0 | 0x0016E3A0 | 0x0016B7A0 | 0x00000000 |
| GetTextExtentPoint32A | - | 0x0056E3A4 | 0x0016E3A4 | 0x0016B7A4 | 0x00000000 |
| GetSystemPaletteEntries | - | 0x0056E3A8 | 0x0016E3A8 | 0x0016B7A8 | 0x00000000 |
| GetStockObject | - | 0x0056E3AC | 0x0016E3AC | 0x0016B7AC | 0x00000000 |
| GetPixel | - | 0x0056E3B0 | 0x0016E3B0 | 0x0016B7B0 | 0x00000000 |
| GetPaletteEntries | - | 0x0056E3B4 | 0x0016E3B4 | 0x0016B7B4 | 0x00000000 |
| GetObjectA | - | 0x0056E3B8 | 0x0016E3B8 | 0x0016B7B8 | 0x00000000 |
| GetDeviceCaps | - | 0x0056E3BC | 0x0016E3BC | 0x0016B7BC | 0x00000000 |
| GetDIBits | - | 0x0056E3C0 | 0x0016E3C0 | 0x0016B7C0 | 0x00000000 |
| GetDIBColorTable | - | 0x0056E3C4 | 0x0016E3C4 | 0x0016B7C4 | 0x00000000 |
| GetDCOrgEx | - | 0x0056E3C8 | 0x0016E3C8 | 0x0016B7C8 | 0x00000000 |
| GetCurrentPositionEx | - | 0x0056E3CC | 0x0016E3CC | 0x0016B7CC | 0x00000000 |
| GetClipBox | - | 0x0056E3D0 | 0x0016E3D0 | 0x0016B7D0 | 0x00000000 |
| GetBrushOrgEx | - | 0x0056E3D4 | 0x0016E3D4 | 0x0016B7D4 | 0x00000000 |
| GetBitmapBits | - | 0x0056E3D8 | 0x0016E3D8 | 0x0016B7D8 | 0x00000000 |
| GdiFlush | - | 0x0056E3DC | 0x0016E3DC | 0x0016B7DC | 0x00000000 |
| ExcludeClipRect | - | 0x0056E3E0 | 0x0016E3E0 | 0x0016B7E0 | 0x00000000 |
| DeleteObject | - | 0x0056E3E4 | 0x0016E3E4 | 0x0016B7E4 | 0x00000000 |
| DeleteDC | - | 0x0056E3E8 | 0x0016E3E8 | 0x0016B7E8 | 0x00000000 |
| CreateSolidBrush | - | 0x0056E3EC | 0x0016E3EC | 0x0016B7EC | 0x00000000 |
| CreatePenIndirect | - | 0x0056E3F0 | 0x0016E3F0 | 0x0016B7F0 | 0x00000000 |
| CreatePalette | - | 0x0056E3F4 | 0x0016E3F4 | 0x0016B7F4 | 0x00000000 |
| CreateHalftonePalette | - | 0x0056E3F8 | 0x0016E3F8 | 0x0016B7F8 | 0x00000000 |
| CreateFontIndirectA | - | 0x0056E3FC | 0x0016E3FC | 0x0016B7FC | 0x00000000 |
| CreateDIBitmap | - | 0x0056E400 | 0x0016E400 | 0x0016B800 | 0x00000000 |
| CreateDIBSection | - | 0x0056E404 | 0x0016E404 | 0x0016B804 | 0x00000000 |
| CreateCompatibleDC | - | 0x0056E408 | 0x0016E408 | 0x0016B808 | 0x00000000 |
| CreateCompatibleBitmap | - | 0x0056E40C | 0x0016E40C | 0x0016B80C | 0x00000000 |
| CreateBrushIndirect | - | 0x0056E410 | 0x0016E410 | 0x0016B810 | 0x00000000 |
| CreateBitmap | - | 0x0056E414 | 0x0016E414 | 0x0016B814 | 0x00000000 |
| BitBlt | - | 0x0056E418 | 0x0016E418 | 0x0016B818 | 0x00000000 |
user32.dll (155)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateWindowExA | - | 0x0056E420 | 0x0016E420 | 0x0016B820 | 0x00000000 |
| WindowFromPoint | - | 0x0056E424 | 0x0016E424 | 0x0016B824 | 0x00000000 |
| WinHelpA | - | 0x0056E428 | 0x0016E428 | 0x0016B828 | 0x00000000 |
| WaitMessage | - | 0x0056E42C | 0x0016E42C | 0x0016B82C | 0x00000000 |
| UpdateWindow | - | 0x0056E430 | 0x0016E430 | 0x0016B830 | 0x00000000 |
| UnregisterClassA | - | 0x0056E434 | 0x0016E434 | 0x0016B834 | 0x00000000 |
| UnhookWindowsHookEx | - | 0x0056E438 | 0x0016E438 | 0x0016B838 | 0x00000000 |
| TranslateMessage | - | 0x0056E43C | 0x0016E43C | 0x0016B83C | 0x00000000 |
| TranslateMDISysAccel | - | 0x0056E440 | 0x0016E440 | 0x0016B840 | 0x00000000 |
| TrackPopupMenu | - | 0x0056E444 | 0x0016E444 | 0x0016B844 | 0x00000000 |
| SystemParametersInfoA | - | 0x0056E448 | 0x0016E448 | 0x0016B848 | 0x00000000 |
| ShowWindow | - | 0x0056E44C | 0x0016E44C | 0x0016B84C | 0x00000000 |
| ShowScrollBar | - | 0x0056E450 | 0x0016E450 | 0x0016B850 | 0x00000000 |
| ShowOwnedPopups | - | 0x0056E454 | 0x0016E454 | 0x0016B854 | 0x00000000 |
| ShowCursor | - | 0x0056E458 | 0x0016E458 | 0x0016B858 | 0x00000000 |
| SetWindowsHookExA | - | 0x0056E45C | 0x0016E45C | 0x0016B85C | 0x00000000 |
| SetWindowPos | - | 0x0056E460 | 0x0016E460 | 0x0016B860 | 0x00000000 |
| SetWindowPlacement | - | 0x0056E464 | 0x0016E464 | 0x0016B864 | 0x00000000 |
| SetWindowLongA | - | 0x0056E468 | 0x0016E468 | 0x0016B868 | 0x00000000 |
| SetTimer | - | 0x0056E46C | 0x0016E46C | 0x0016B86C | 0x00000000 |
| SetScrollRange | - | 0x0056E470 | 0x0016E470 | 0x0016B870 | 0x00000000 |
| SetScrollPos | - | 0x0056E474 | 0x0016E474 | 0x0016B874 | 0x00000000 |
| SetScrollInfo | - | 0x0056E478 | 0x0016E478 | 0x0016B878 | 0x00000000 |
| SetRect | - | 0x0056E47C | 0x0016E47C | 0x0016B87C | 0x00000000 |
| SetPropA | - | 0x0056E480 | 0x0016E480 | 0x0016B880 | 0x00000000 |
| SetParent | - | 0x0056E484 | 0x0016E484 | 0x0016B884 | 0x00000000 |
| SetMenuItemInfoA | - | 0x0056E488 | 0x0016E488 | 0x0016B888 | 0x00000000 |
| SetMenu | - | 0x0056E48C | 0x0016E48C | 0x0016B88C | 0x00000000 |
| SetForegroundWindow | - | 0x0056E490 | 0x0016E490 | 0x0016B890 | 0x00000000 |
| SetFocus | - | 0x0056E494 | 0x0016E494 | 0x0016B894 | 0x00000000 |
| SetCursor | - | 0x0056E498 | 0x0016E498 | 0x0016B898 | 0x00000000 |
| SetClassLongA | - | 0x0056E49C | 0x0016E49C | 0x0016B89C | 0x00000000 |
| SetCapture | - | 0x0056E4A0 | 0x0016E4A0 | 0x0016B8A0 | 0x00000000 |
| SetActiveWindow | - | 0x0056E4A4 | 0x0016E4A4 | 0x0016B8A4 | 0x00000000 |
| SendMessageA | - | 0x0056E4A8 | 0x0016E4A8 | 0x0016B8A8 | 0x00000000 |
| ScrollWindow | - | 0x0056E4AC | 0x0016E4AC | 0x0016B8AC | 0x00000000 |
| ScreenToClient | - | 0x0056E4B0 | 0x0016E4B0 | 0x0016B8B0 | 0x00000000 |
| RemovePropA | - | 0x0056E4B4 | 0x0016E4B4 | 0x0016B8B4 | 0x00000000 |
| RemoveMenu | - | 0x0056E4B8 | 0x0016E4B8 | 0x0016B8B8 | 0x00000000 |
| ReleaseDC | - | 0x0056E4BC | 0x0016E4BC | 0x0016B8BC | 0x00000000 |
| ReleaseCapture | - | 0x0056E4C0 | 0x0016E4C0 | 0x0016B8C0 | 0x00000000 |
| RegisterWindowMessageA | - | 0x0056E4C4 | 0x0016E4C4 | 0x0016B8C4 | 0x00000000 |
| RegisterClipboardFormatA | - | 0x0056E4C8 | 0x0016E4C8 | 0x0016B8C8 | 0x00000000 |
| RegisterClassA | - | 0x0056E4CC | 0x0016E4CC | 0x0016B8CC | 0x00000000 |
| RedrawWindow | - | 0x0056E4D0 | 0x0016E4D0 | 0x0016B8D0 | 0x00000000 |
| PtInRect | - | 0x0056E4D4 | 0x0016E4D4 | 0x0016B8D4 | 0x00000000 |
| PostQuitMessage | - | 0x0056E4D8 | 0x0016E4D8 | 0x0016B8D8 | 0x00000000 |
| PostMessageA | - | 0x0056E4DC | 0x0016E4DC | 0x0016B8DC | 0x00000000 |
| PeekMessageA | - | 0x0056E4E0 | 0x0016E4E0 | 0x0016B8E0 | 0x00000000 |
| OffsetRect | - | 0x0056E4E4 | 0x0016E4E4 | 0x0016B8E4 | 0x00000000 |
| OemToCharA | - | 0x0056E4E8 | 0x0016E4E8 | 0x0016B8E8 | 0x00000000 |
| MessageBoxA | - | 0x0056E4EC | 0x0016E4EC | 0x0016B8EC | 0x00000000 |
| MapWindowPoints | - | 0x0056E4F0 | 0x0016E4F0 | 0x0016B8F0 | 0x00000000 |
| MapVirtualKeyA | - | 0x0056E4F4 | 0x0016E4F4 | 0x0016B8F4 | 0x00000000 |
| LoadStringA | - | 0x0056E4F8 | 0x0016E4F8 | 0x0016B8F8 | 0x00000000 |
| LoadKeyboardLayoutA | - | 0x0056E4FC | 0x0016E4FC | 0x0016B8FC | 0x00000000 |
| LoadIconA | - | 0x0056E500 | 0x0016E500 | 0x0016B900 | 0x00000000 |
| LoadCursorA | - | 0x0056E504 | 0x0016E504 | 0x0016B904 | 0x00000000 |
| LoadBitmapA | - | 0x0056E508 | 0x0016E508 | 0x0016B908 | 0x00000000 |
| KillTimer | - | 0x0056E50C | 0x0016E50C | 0x0016B90C | 0x00000000 |
| IsZoomed | - | 0x0056E510 | 0x0016E510 | 0x0016B910 | 0x00000000 |
| IsWindowVisible | - | 0x0056E514 | 0x0016E514 | 0x0016B914 | 0x00000000 |
| IsWindowEnabled | - | 0x0056E518 | 0x0016E518 | 0x0016B918 | 0x00000000 |
| IsWindow | - | 0x0056E51C | 0x0016E51C | 0x0016B91C | 0x00000000 |
| IsRectEmpty | - | 0x0056E520 | 0x0016E520 | 0x0016B920 | 0x00000000 |
| IsIconic | - | 0x0056E524 | 0x0016E524 | 0x0016B924 | 0x00000000 |
| IsDialogMessageA | - | 0x0056E528 | 0x0016E528 | 0x0016B928 | 0x00000000 |
| IsChild | - | 0x0056E52C | 0x0016E52C | 0x0016B92C | 0x00000000 |
| InvalidateRect | - | 0x0056E530 | 0x0016E530 | 0x0016B930 | 0x00000000 |
| IntersectRect | - | 0x0056E534 | 0x0016E534 | 0x0016B934 | 0x00000000 |
| InsertMenuItemA | - | 0x0056E538 | 0x0016E538 | 0x0016B938 | 0x00000000 |
| InsertMenuA | - | 0x0056E53C | 0x0016E53C | 0x0016B93C | 0x00000000 |
| InflateRect | - | 0x0056E540 | 0x0016E540 | 0x0016B940 | 0x00000000 |
| GetWindowThreadProcessId | - | 0x0056E544 | 0x0016E544 | 0x0016B944 | 0x00000000 |
| GetWindowTextA | - | 0x0056E548 | 0x0016E548 | 0x0016B948 | 0x00000000 |
| GetWindowRect | - | 0x0056E54C | 0x0016E54C | 0x0016B94C | 0x00000000 |
| GetWindowPlacement | - | 0x0056E550 | 0x0016E550 | 0x0016B950 | 0x00000000 |
| GetWindowLongA | - | 0x0056E554 | 0x0016E554 | 0x0016B954 | 0x00000000 |
| GetWindowDC | - | 0x0056E558 | 0x0016E558 | 0x0016B958 | 0x00000000 |
| GetTopWindow | - | 0x0056E55C | 0x0016E55C | 0x0016B95C | 0x00000000 |
| GetSystemMetrics | - | 0x0056E560 | 0x0016E560 | 0x0016B960 | 0x00000000 |
| GetSystemMenu | - | 0x0056E564 | 0x0016E564 | 0x0016B964 | 0x00000000 |
| GetSysColorBrush | - | 0x0056E568 | 0x0016E568 | 0x0016B968 | 0x00000000 |
| GetSysColor | - | 0x0056E56C | 0x0016E56C | 0x0016B96C | 0x00000000 |
| GetSubMenu | - | 0x0056E570 | 0x0016E570 | 0x0016B970 | 0x00000000 |
| GetScrollRange | - | 0x0056E574 | 0x0016E574 | 0x0016B974 | 0x00000000 |
| GetScrollPos | - | 0x0056E578 | 0x0016E578 | 0x0016B978 | 0x00000000 |
| GetScrollInfo | - | 0x0056E57C | 0x0016E57C | 0x0016B97C | 0x00000000 |
| GetPropA | - | 0x0056E580 | 0x0016E580 | 0x0016B980 | 0x00000000 |
| GetParent | - | 0x0056E584 | 0x0016E584 | 0x0016B984 | 0x00000000 |
| GetWindow | - | 0x0056E588 | 0x0016E588 | 0x0016B988 | 0x00000000 |
| GetMenuStringA | - | 0x0056E58C | 0x0016E58C | 0x0016B98C | 0x00000000 |
| GetMenuState | - | 0x0056E590 | 0x0016E590 | 0x0016B990 | 0x00000000 |
| GetMenuItemInfoA | - | 0x0056E594 | 0x0016E594 | 0x0016B994 | 0x00000000 |
| GetMenuItemID | - | 0x0056E598 | 0x0016E598 | 0x0016B998 | 0x00000000 |
| GetMenuItemCount | - | 0x0056E59C | 0x0016E59C | 0x0016B99C | 0x00000000 |
| GetMenu | - | 0x0056E5A0 | 0x0016E5A0 | 0x0016B9A0 | 0x00000000 |
| GetLastActivePopup | - | 0x0056E5A4 | 0x0016E5A4 | 0x0016B9A4 | 0x00000000 |
| GetKeyboardState | - | 0x0056E5A8 | 0x0016E5A8 | 0x0016B9A8 | 0x00000000 |
| GetKeyboardLayoutList | - | 0x0056E5AC | 0x0016E5AC | 0x0016B9AC | 0x00000000 |
| GetKeyboardLayout | - | 0x0056E5B0 | 0x0016E5B0 | 0x0016B9B0 | 0x00000000 |
| GetKeyState | - | 0x0056E5B4 | 0x0016E5B4 | 0x0016B9B4 | 0x00000000 |
| GetKeyNameTextA | - | 0x0056E5B8 | 0x0016E5B8 | 0x0016B9B8 | 0x00000000 |
| GetIconInfo | - | 0x0056E5BC | 0x0016E5BC | 0x0016B9BC | 0x00000000 |
| GetForegroundWindow | - | 0x0056E5C0 | 0x0016E5C0 | 0x0016B9C0 | 0x00000000 |
| GetFocus | - | 0x0056E5C4 | 0x0016E5C4 | 0x0016B9C4 | 0x00000000 |
| GetDlgItem | - | 0x0056E5C8 | 0x0016E5C8 | 0x0016B9C8 | 0x00000000 |
| GetDesktopWindow | - | 0x0056E5CC | 0x0016E5CC | 0x0016B9CC | 0x00000000 |
| GetDCEx | - | 0x0056E5D0 | 0x0016E5D0 | 0x0016B9D0 | 0x00000000 |
| GetDC | - | 0x0056E5D4 | 0x0016E5D4 | 0x0016B9D4 | 0x00000000 |
| GetCursorPos | - | 0x0056E5D8 | 0x0016E5D8 | 0x0016B9D8 | 0x00000000 |
| GetCursor | - | 0x0056E5DC | 0x0016E5DC | 0x0016B9DC | 0x00000000 |
| GetClientRect | - | 0x0056E5E0 | 0x0016E5E0 | 0x0016B9E0 | 0x00000000 |
| GetClassNameA | - | 0x0056E5E4 | 0x0016E5E4 | 0x0016B9E4 | 0x00000000 |
| GetClassInfoA | - | 0x0056E5E8 | 0x0016E5E8 | 0x0016B9E8 | 0x00000000 |
| GetCapture | - | 0x0056E5EC | 0x0016E5EC | 0x0016B9EC | 0x00000000 |
| GetActiveWindow | - | 0x0056E5F0 | 0x0016E5F0 | 0x0016B9F0 | 0x00000000 |
| FrameRect | - | 0x0056E5F4 | 0x0016E5F4 | 0x0016B9F4 | 0x00000000 |
| FindWindowA | - | 0x0056E5F8 | 0x0016E5F8 | 0x0016B9F8 | 0x00000000 |
| FillRect | - | 0x0056E5FC | 0x0016E5FC | 0x0016B9FC | 0x00000000 |
| EqualRect | - | 0x0056E600 | 0x0016E600 | 0x0016BA00 | 0x00000000 |
| EnumWindows | - | 0x0056E604 | 0x0016E604 | 0x0016BA04 | 0x00000000 |
| EnumThreadWindows | - | 0x0056E608 | 0x0016E608 | 0x0016BA08 | 0x00000000 |
| EndPaint | - | 0x0056E60C | 0x0016E60C | 0x0016BA0C | 0x00000000 |
| EnableWindow | - | 0x0056E610 | 0x0016E610 | 0x0016BA10 | 0x00000000 |
| EnableScrollBar | - | 0x0056E614 | 0x0016E614 | 0x0016BA14 | 0x00000000 |
| EnableMenuItem | - | 0x0056E618 | 0x0016E618 | 0x0016BA18 | 0x00000000 |
| DrawTextA | - | 0x0056E61C | 0x0016E61C | 0x0016BA1C | 0x00000000 |
| DrawMenuBar | - | 0x0056E620 | 0x0016E620 | 0x0016BA20 | 0x00000000 |
| DrawIconEx | - | 0x0056E624 | 0x0016E624 | 0x0016BA24 | 0x00000000 |
| DrawIcon | - | 0x0056E628 | 0x0016E628 | 0x0016BA28 | 0x00000000 |
| DrawFrameControl | - | 0x0056E62C | 0x0016E62C | 0x0016BA2C | 0x00000000 |
| DrawEdge | - | 0x0056E630 | 0x0016E630 | 0x0016BA30 | 0x00000000 |
| DispatchMessageA | - | 0x0056E634 | 0x0016E634 | 0x0016BA34 | 0x00000000 |
| DestroyWindow | - | 0x0056E638 | 0x0016E638 | 0x0016BA38 | 0x00000000 |
| DestroyMenu | - | 0x0056E63C | 0x0016E63C | 0x0016BA3C | 0x00000000 |
| DestroyIcon | - | 0x0056E640 | 0x0016E640 | 0x0016BA40 | 0x00000000 |
| DestroyCursor | - | 0x0056E644 | 0x0016E644 | 0x0016BA44 | 0x00000000 |
| DeleteMenu | - | 0x0056E648 | 0x0016E648 | 0x0016BA48 | 0x00000000 |
| DefWindowProcA | - | 0x0056E64C | 0x0016E64C | 0x0016BA4C | 0x00000000 |
| DefMDIChildProcA | - | 0x0056E650 | 0x0016E650 | 0x0016BA50 | 0x00000000 |
| DefFrameProcA | - | 0x0056E654 | 0x0016E654 | 0x0016BA54 | 0x00000000 |
| CreatePopupMenu | - | 0x0056E658 | 0x0016E658 | 0x0016BA58 | 0x00000000 |
| CreateMenu | - | 0x0056E65C | 0x0016E65C | 0x0016BA5C | 0x00000000 |
| CreateIcon | - | 0x0056E660 | 0x0016E660 | 0x0016BA60 | 0x00000000 |
| ClientToScreen | - | 0x0056E664 | 0x0016E664 | 0x0016BA64 | 0x00000000 |
| CheckMenuItem | - | 0x0056E668 | 0x0016E668 | 0x0016BA68 | 0x00000000 |
| CallWindowProcA | - | 0x0056E66C | 0x0016E66C | 0x0016BA6C | 0x00000000 |
| CallNextHookEx | - | 0x0056E670 | 0x0016E670 | 0x0016BA70 | 0x00000000 |
| BeginPaint | - | 0x0056E674 | 0x0016E674 | 0x0016BA74 | 0x00000000 |
| CharNextA | - | 0x0056E678 | 0x0016E678 | 0x0016BA78 | 0x00000000 |
| CharLowerA | - | 0x0056E67C | 0x0016E67C | 0x0016BA7C | 0x00000000 |
| CharToOemA | - | 0x0056E680 | 0x0016E680 | 0x0016BA80 | 0x00000000 |
| AdjustWindowRectEx | - | 0x0056E684 | 0x0016E684 | 0x0016BA84 | 0x00000000 |
| ActivateKeyboardLayout | - | 0x0056E688 | 0x0016E688 | 0x0016BA88 | 0x00000000 |
kernel32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| Sleep | - | 0x0056E690 | 0x0016E690 | 0x0016BA90 | 0x00000000 |
oleaut32.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SafeArrayPtrOfIndex | - | 0x0056E698 | 0x0016E698 | 0x0016BA98 | 0x00000000 |
| SafeArrayGetUBound | - | 0x0056E69C | 0x0016E69C | 0x0016BA9C | 0x00000000 |
| SafeArrayGetLBound | - | 0x0056E6A0 | 0x0016E6A0 | 0x0016BAA0 | 0x00000000 |
| SafeArrayCreate | - | 0x0056E6A4 | 0x0016E6A4 | 0x0016BAA4 | 0x00000000 |
| VariantChangeType | - | 0x0056E6A8 | 0x0016E6A8 | 0x0016BAA8 | 0x00000000 |
| VariantCopy | - | 0x0056E6AC | 0x0016E6AC | 0x0016BAAC | 0x00000000 |
| VariantClear | - | 0x0056E6B0 | 0x0016E6B0 | 0x0016BAB0 | 0x00000000 |
| VariantInit | - | 0x0056E6B4 | 0x0016E6B4 | 0x0016BAB4 | 0x00000000 |
comctl32.dll (23)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ImageList_SetIconSize | - | 0x0056E6BC | 0x0016E6BC | 0x0016BABC | 0x00000000 |
| ImageList_GetIconSize | - | 0x0056E6C0 | 0x0016E6C0 | 0x0016BAC0 | 0x00000000 |
| ImageList_Write | - | 0x0056E6C4 | 0x0016E6C4 | 0x0016BAC4 | 0x00000000 |
| ImageList_Read | - | 0x0056E6C8 | 0x0016E6C8 | 0x0016BAC8 | 0x00000000 |
| ImageList_GetDragImage | - | 0x0056E6CC | 0x0016E6CC | 0x0016BACC | 0x00000000 |
| ImageList_DragShowNolock | - | 0x0056E6D0 | 0x0016E6D0 | 0x0016BAD0 | 0x00000000 |
| ImageList_SetDragCursorImage | - | 0x0056E6D4 | 0x0016E6D4 | 0x0016BAD4 | 0x00000000 |
| ImageList_DragMove | - | 0x0056E6D8 | 0x0016E6D8 | 0x0016BAD8 | 0x00000000 |
| ImageList_DragLeave | - | 0x0056E6DC | 0x0016E6DC | 0x0016BADC | 0x00000000 |
| ImageList_DragEnter | - | 0x0056E6E0 | 0x0016E6E0 | 0x0016BAE0 | 0x00000000 |
| ImageList_EndDrag | - | 0x0056E6E4 | 0x0016E6E4 | 0x0016BAE4 | 0x00000000 |
| ImageList_BeginDrag | - | 0x0056E6E8 | 0x0016E6E8 | 0x0016BAE8 | 0x00000000 |
| ImageList_Remove | - | 0x0056E6EC | 0x0016E6EC | 0x0016BAEC | 0x00000000 |
| ImageList_DrawEx | - | 0x0056E6F0 | 0x0016E6F0 | 0x0016BAF0 | 0x00000000 |
| ImageList_Draw | - | 0x0056E6F4 | 0x0016E6F4 | 0x0016BAF4 | 0x00000000 |
| ImageList_GetBkColor | - | 0x0056E6F8 | 0x0016E6F8 | 0x0016BAF8 | 0x00000000 |
| ImageList_SetBkColor | - | 0x0056E6FC | 0x0016E6FC | 0x0016BAFC | 0x00000000 |
| ImageList_ReplaceIcon | - | 0x0056E700 | 0x0016E700 | 0x0016BB00 | 0x00000000 |
| ImageList_Add | - | 0x0056E704 | 0x0016E704 | 0x0016BB04 | 0x00000000 |
| ImageList_SetImageCount | - | 0x0056E708 | 0x0016E708 | 0x0016BB08 | 0x00000000 |
| ImageList_GetImageCount | - | 0x0056E70C | 0x0016E70C | 0x0016BB0C | 0x00000000 |
| ImageList_Destroy | - | 0x0056E710 | 0x0016E710 | 0x0016BB10 | 0x00000000 |
| ImageList_Create | - | 0x0056E714 | 0x0016E714 | 0x0016BB14 | 0x00000000 |
comdlg32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSaveFileNameA | - | 0x0056E71C | 0x0016E71C | 0x0016BB1C | 0x00000000 |
| GetOpenFileNameA | - | 0x0056E720 | 0x0016E720 | 0x0016BB20 | 0x00000000 |
Exports (1)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| None | 0x00051ADC | 0x00000001 |
Memory Dumps (20)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| sppsvc.pif | 10 | 0x00400000 | 0x00597FFF | Relevant Image |
|
32-bit | 0x00405E88 |
|
...
|
| buffer | 10 | 0x006D0000 | 0x006D0FFF | First Execution |
|
32-bit | 0x006D0FEF |
|
...
|
| buffer | 10 | 0x006D0000 | 0x006D0FFF | Content Changed |
|
32-bit | 0x006D0FEF |
|
...
|
| buffer | 10 | 0x14168000 | 0x1416FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x0019C000 | 0x0019FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x006D0000 | 0x006D0FFF | First Network Behavior |
|
32-bit | 0x006D0FAE |
|
...
|
| buffer | 10 | 0x0085BD90 | 0x0085C3D3 | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x0085CD40 | 0x0085DD37 | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x0220000C | 0x0220200B | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x02A74000 | 0x02A7FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x02B74000 | 0x02B7FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x13F30000 | 0x1406FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x7F380000 | 0x7F44FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x7F5F0000 | 0x7F6BFFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x7F6C0000 | 0x7FD0FFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x7FD10000 | 0x7FEAFFFF | First Network Behavior |
|
32-bit | - |
|
...
|
| sppsvc.pif | 10 | 0x00400000 | 0x00597FFF | First Network Behavior |
|
32-bit | - |
|
...
|
| counters.dat | 10 | 0x023F0000 | 0x023F0FFF | First Network Behavior |
|
32-bit | - |
|
...
|
| buffer | 10 | 0x7EA20000 | 0x7EAAFFFF | Image In Buffer |
|
32-bit | - |
|
...
|
| sppsvc.pif | 10 | 0x00400000 | 0x00597FFF | Final Dump |
|
32-bit | 0x0041AE3C |
|
...
|
| \??\C:\Users\Public\Libraries\netutils.dll | Dropped File | Binary |
Malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 114.16 KB |
| MD5 |
566b326055c3ed8e2028aa1e2c1054d0
|
| SHA1 |
c25fa6d6369c083526cafcf45b5f554635afe218
|
| SHA256 |
a692d4305b95e57e2cfc871d53a41a5bfc9e306cb1a86ca1159db4f469598714
|
| SSDeep |
1536:AxdWID3z1y5XtsBms9bOPu5jDqWte6VNCl7MbiRvRRJHu:AxdB/usBLOP8qWte6VQRRJHu
|
| ImpHash |
c8a8cb3917f35240c9add9d8f6c5c036
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x613C0000 |
| Entry Point | 0x613C13E0 |
| Size Of Code | 0x00002200 |
| Size Of Initialized Data | 0x00002400 |
| Size Of Uninitialized Data | 0x00000A00 |
| File Type | IMAGE_FILE_DLL |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2024-04-11 16:59 (UTC) |
Sections (19)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| . | 0x613C1000 | 0x00002130 | 0x00002200 | 0x00000600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.0 |
| . | 0x613C4000 | 0x00000610 | 0x00000800 | 0x00002800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.46 |
| . | 0x613C5000 | 0x000004D0 | 0x00000600 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.12 |
| . | 0x613C6000 | 0x00000228 | 0x00000400 | 0x00003600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 2.42 |
| . | 0x613C7000 | 0x000001E8 | 0x00000200 | 0x00003A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 3.96 |
| . | 0x613C8000 | 0x00000980 | 0x00000000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| . | 0x613C9000 | 0x000000C5 | 0x00000200 | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 2.16 |
| . | 0x613CA000 | 0x000007B4 | 0x00000800 | 0x00003E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.98 |
| . | 0x613CB000 | 0x00000058 | 0x00000200 | 0x00004600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.2 |
| . | 0x613CC000 | 0x00000068 | 0x00000200 | 0x00004800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.27 |
| . | 0x613CD000 | 0x0000005C | 0x00000200 | 0x00004A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.01 |
| /4 | 0x613CE000 | 0x00000310 | 0x00000400 | 0x00004C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.39 |
| /19 | 0x613CF000 | 0x00009A1C | 0x00009C00 | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.96 |
| /31 | 0x613D9000 | 0x00001625 | 0x00001800 | 0x0000EC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.44 |
| /45 | 0x613DB000 | 0x00001471 | 0x00001600 | 0x00010400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.56 |
| /57 | 0x613DD000 | 0x00000A18 | 0x00000C00 | 0x00011A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.01 |
| /70 | 0x613DE000 | 0x0000012E | 0x00000200 | 0x00012600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.43 |
| /81 | 0x613DF000 | 0x00002E50 | 0x00003000 | 0x00012800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 2.28 |
| /92 | 0x613E2000 | 0x00000550 | 0x00000600 | 0x00015800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 1.38 |
Imports (2)
»
KERNEL32.dll (31)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseHandle | - | 0x613CA1E4 | 0x0000A03C | 0x00003E3C | 0x00000055 |
| CreateToolhelp32Snapshot | - | 0x613CA1EC | 0x0000A044 | 0x00003E44 | 0x000000C3 |
| DeleteCriticalSection | - | 0x613CA1F4 | 0x0000A04C | 0x00003E4C | 0x000000D8 |
| EnterCriticalSection | - | 0x613CA1FC | 0x0000A054 | 0x00003E54 | 0x000000F8 |
| ExitProcess | - | 0x613CA204 | 0x0000A05C | 0x00003E5C | 0x00000125 |
| GetCurrentProcess | - | 0x613CA20C | 0x0000A064 | 0x00003E64 | 0x000001CD |
| GetCurrentProcessId | - | 0x613CA214 | 0x0000A06C | 0x00003E6C | 0x000001CE |
| GetCurrentThreadId | - | 0x613CA21C | 0x0000A074 | 0x00003E74 | 0x000001D2 |
| GetLastError | - | 0x613CA224 | 0x0000A07C | 0x00003E7C | 0x00000210 |
| GetModuleHandleW | - | 0x613CA22C | 0x0000A084 | 0x00003E84 | 0x00000227 |
| GetProcAddress | - | 0x613CA234 | 0x0000A08C | 0x00003E8C | 0x00000256 |
| GetSystemTimeAsFileTime | - | 0x613CA23C | 0x0000A094 | 0x00003E94 | 0x0000028A |
| GetTickCount | - | 0x613CA244 | 0x0000A09C | 0x00003E9C | 0x000002A5 |
| InitializeCriticalSection | - | 0x613CA24C | 0x0000A0A4 | 0x00003EA4 | 0x000002F9 |
| LeaveCriticalSection | - | 0x613CA254 | 0x0000A0AC | 0x00003EAC | 0x0000034B |
| LoadLibraryW | - | 0x613CA25C | 0x0000A0B4 | 0x00003EB4 | 0x00000351 |
| Process32First | - | 0x613CA264 | 0x0000A0BC | 0x00003EBC | 0x000003A9 |
| Process32Next | - | 0x613CA26C | 0x0000A0C4 | 0x00003EC4 | 0x000003AB |
| QueryPerformanceCounter | - | 0x613CA274 | 0x0000A0CC | 0x00003ECC | 0x000003BB |
| RtlAddFunctionTable | - | 0x613CA27C | 0x0000A0D4 | 0x00003ED4 | 0x00000401 |
| RtlCaptureContext | - | 0x613CA284 | 0x0000A0DC | 0x00003EDC | 0x00000402 |
| RtlLookupFunctionEntry | - | 0x613CA28C | 0x0000A0E4 | 0x00003EE4 | 0x00000409 |
| RtlVirtualUnwind | - | 0x613CA294 | 0x0000A0EC | 0x00003EEC | 0x00000410 |
| SetUnhandledExceptionFilter | - | 0x613CA29C | 0x0000A0F4 | 0x00003EF4 | 0x0000049F |
| Sleep | - | 0x613CA2A4 | 0x0000A0FC | 0x00003EFC | 0x000004AC |
| TerminateProcess | - | 0x613CA2AC | 0x0000A104 | 0x00003F04 | 0x000004BA |
| TlsGetValue | - | 0x613CA2B4 | 0x0000A10C | 0x00003F0C | 0x000004C1 |
| UnhandledExceptionFilter | - | 0x613CA2BC | 0x0000A114 | 0x00003F14 | 0x000004CE |
| VirtualProtect | - | 0x613CA2C4 | 0x0000A11C | 0x00003F1C | 0x000004EC |
| VirtualQuery | - | 0x613CA2CC | 0x0000A124 | 0x00003F24 | 0x000004EE |
| WinExec | - | 0x613CA2D4 | 0x0000A12C | 0x00003F2C | 0x0000050F |
msvcrt.dll (20)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| __dllonexit | - | 0x613CA2E4 | 0x0000A13C | 0x00003F3C | 0x0000004E |
| __iob_func | - | 0x613CA2EC | 0x0000A144 | 0x00003F44 | 0x00000053 |
| _amsg_exit | - | 0x613CA2F4 | 0x0000A14C | 0x00003F4C | 0x0000007B |
| _initterm | - | 0x613CA2FC | 0x0000A154 | 0x00003F54 | 0x00000149 |
| _lock | - | 0x613CA304 | 0x0000A15C | 0x00003F5C | 0x000001B9 |
| _onexit | - | 0x613CA30C | 0x0000A164 | 0x00003F64 | 0x00000262 |
| _unlock | - | 0x613CA314 | 0x0000A16C | 0x00003F6C | 0x00000332 |
| abort | - | 0x613CA31C | 0x0000A174 | 0x00003F74 | 0x00000406 |
| calloc | - | 0x613CA324 | 0x0000A17C | 0x00003F7C | 0x00000414 |
| free | - | 0x613CA32C | 0x0000A184 | 0x00003F84 | 0x00000437 |
| fwrite | - | 0x613CA334 | 0x0000A18C | 0x00003F8C | 0x00000442 |
| malloc | - | 0x613CA33C | 0x0000A194 | 0x00003F94 | 0x00000471 |
| memcpy | - | 0x613CA344 | 0x0000A19C | 0x00003F9C | 0x00000479 |
| puts | - | 0x613CA34C | 0x0000A1A4 | 0x00003FA4 | 0x00000484 |
| rand | - | 0x613CA354 | 0x0000A1AC | 0x00003FAC | 0x0000048A |
| signal | - | 0x613CA35C | 0x0000A1B4 | 0x00003FB4 | 0x00000496 |
| strcmp | - | 0x613CA364 | 0x0000A1BC | 0x00003FBC | 0x000004A2 |
| strlen | - | 0x613CA36C | 0x0000A1C4 | 0x00003FC4 | 0x000004A9 |
| strncmp | - | 0x613CA374 | 0x0000A1CC | 0x00003FCC | 0x000004AC |
| vfprintf | - | 0x613CA37C | 0x0000A1D4 | 0x00003FD4 | 0x000004CB |
Exports (7)
»
| API Name | EAT Address | Ordinal |
|---|---|---|
| ASSnko | 0x00001861 | 0x00000001 |
| FindProcessId | 0x00001430 | 0x00000002 |
| NetApiBufferFree | 0x00001920 | 0x00000003 |
| NetpIsRemote | 0x0000192B | 0x00000004 |
| decrypt | 0x00001749 | 0x00000005 |
| encrypt | 0x000015A1 | 0x00000006 |
| revstr | 0x00001512 | 0x00000007 |
| C:\Users\Public\Libraries\QdcbusyrO.bat | Dropped File | Text |
Malicious
|
...
|
»
| Also Known As |
\??\C:\Users\Public\Libraries\QdcbusyrO.bat (Accessed File, Dropped File)
|
| MIME Type | text/plain |
| File Size | 29.32 KB |
| MD5 |
828ffbf60677999579dafe4bf3919c63
|
| SHA1 |
a0d159a1b9a49e9eaccc53fe0c3266c0526a1bdc
|
| SHA256 |
abac4a967800f5da708572ec42441ec373cd52459a83a8a382d6b8579482789d
|
| SSDeep |
192:IBOY7cKQ/CyntVZjpubO0bXWQtagxP2+3o5WIGbfJTAy:C
|
| ImpHash | - |
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
| \??\C:\Users\Public\Libraries\aaa.bat | Dropped File | Text |
Malicious
|
...
|
»
| MIME Type | text/x-msdos-batch |
| File Size | 3.56 KB |
| MD5 |
71e46efe9932b83b397b44052513fb49
|
| SHA1 |
741af3b8c31095a0cc2c39c41e62279684913205
|
| SHA256 |
11c20fabf677cd77e8a354b520f6ffca09cac37ce15c9932550e749e49efe08a
|
| SSDeep |
96:Zx2A0d5a9zHPwo0uP6SXjr4XtgPmon38JV7ZVhvoXS966hYxcdF4AlM5NQYE2Pl+:3L6jThc/pkmZAXpA2
|
| ImpHash | - |
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
| C:\Users\Public\kn.exe | Dropped File | Binary |
Suspicious
Known to be clean.
|
...
|
»
| Also Known As |
\??\C:\Users\Public\kn.exe (Accessed File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.35 MB |
| MD5 |
b80a34df495dd6d9ddeee698fb189658
|
| SHA1 |
2853c01eeda196793d6056365bd15bc5ae298b5a
|
| SHA256 |
87c9242c02eddaa28f761b7d82a5a642745599139b1c642cff52ed11198269c6
|
| SSDeep |
24576:3HF/5jXosp3sy7DC+XZchzqbeNzd02YgBgIjcCA4jqmZ:3HF/5jXospc+C+pcRhmgBgz6qq
|
| ImpHash |
88756362a16041d45555c4875ed5fc84
|
File Reputation Information
»
| Verdict |
Clean
Known to be clean.
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400EB5D0 |
| Size Of Code | 0x000F3200 |
| Size Of Initialized Data | 0x00069E00 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2015-10-30 02:28 (UTC) |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | CertUtil.exe |
| FileVersion | 10.0.10586.0 (th2_release.151029-1700) |
| InternalName | CertUtil.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | CertUtil.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.10586.0 |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x000F313A | 0x000F3200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.5 |
| .rdata | 0x1400F5000 | 0x0004E496 | 0x0004E600 | 0x000F3600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x140144000 | 0x00011278 | 0x0000E200 | 0x00141C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.38 |
| .pdata | 0x140156000 | 0x00006CCC | 0x00006E00 | 0x0014FE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.07 |
| .didat | 0x14015D000 | 0x00000248 | 0x00000400 | 0x00156C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.07 |
| .rsrc | 0x14015E000 | 0x00000F40 | 0x00001000 | 0x00157000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.56 |
| .reloc | 0x14015F000 | 0x0000201C | 0x00002200 | 0x00158000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.37 |
Imports (23)
»
ADVAPI32.dll (92)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IsValidSecurityDescriptor | - | 0x1400F5000 | 0x0013EBE8 | 0x0013D1E8 | 0x0000019C |
| GetSecurityDescriptorLength | - | 0x1400F5008 | 0x0013EBF0 | 0x0013D1F0 | 0x0000015E |
| CryptReleaseContext | - | 0x1400F5010 | 0x0013EBF8 | 0x0013D1F8 | 0x000000DB |
| CryptAcquireContextW | - | 0x1400F5018 | 0x0013EC00 | 0x0013D200 | 0x000000C1 |
| LookupAccountNameW | - | 0x1400F5020 | 0x0013EC08 | 0x0013D208 | 0x000001A6 |
| IsValidSid | - | 0x1400F5028 | 0x0013EC10 | 0x0013D210 | 0x0000019D |
| ConvertSidToStringSidW | - | 0x1400F5030 | 0x0013EC18 | 0x0013D218 | 0x0000007B |
| ImpersonateSelf | - | 0x1400F5038 | 0x0013EC20 | 0x0013D220 | 0x0000018C |
| RevertToSelf | - | 0x1400F5040 | 0x0013EC28 | 0x0013D228 | 0x000002BC |
| LookupAccountSidW | - | 0x1400F5048 | 0x0013EC30 | 0x0013D230 | 0x000001A8 |
| CryptGetProvParam | - | 0x1400F5050 | 0x0013EC38 | 0x0013D238 | 0x000000D6 |
| CryptGetUserKey | - | 0x1400F5058 | 0x0013EC40 | 0x0013D240 | 0x000000D7 |
| CryptGetKeyParam | - | 0x1400F5060 | 0x0013EC48 | 0x0013D248 | 0x000000D5 |
| CryptDestroyKey | - | 0x1400F5068 | 0x0013EC50 | 0x0013D250 | 0x000000C7 |
| RegCreateKeyExW | - | 0x1400F5070 | 0x0013EC58 | 0x0013D258 | 0x00000261 |
| RegSetValueExW | - | 0x1400F5078 | 0x0013EC60 | 0x0013D260 | 0x000002A6 |
| RegSetValueExA | - | 0x1400F5080 | 0x0013EC68 | 0x0013D268 | 0x000002A5 |
| RegDeleteKeyExW | - | 0x1400F5088 | 0x0013EC70 | 0x0013D270 | 0x00000267 |
| RegCloseKey | - | 0x1400F5090 | 0x0013EC78 | 0x0013D278 | 0x00000258 |
| GetTokenInformation | - | 0x1400F5098 | 0x0013EC80 | 0x0013D280 | 0x0000016F |
| GetLengthSid | - | 0x1400F50A0 | 0x0013EC88 | 0x0013D288 | 0x0000014A |
| CopySid | - | 0x1400F50A8 | 0x0013EC90 | 0x0013D290 | 0x00000085 |
| OpenProcessToken | - | 0x1400F50B0 | 0x0013EC98 | 0x0013D298 | 0x00000214 |
| RegQueryValueExW | - | 0x1400F50B8 | 0x0013ECA0 | 0x0013D2A0 | 0x00000296 |
| RegOpenKeyExW | - | 0x1400F50C0 | 0x0013ECA8 | 0x0013D2A8 | 0x00000289 |
| RegEnumKeyExW | - | 0x1400F50C8 | 0x0013ECB0 | 0x0013D2B0 | 0x00000277 |
| RegCreateKeyW | - | 0x1400F50D0 | 0x0013ECB8 | 0x0013D2B8 | 0x00000264 |
| RegEnumValueW | - | 0x1400F50D8 | 0x0013ECC0 | 0x0013D2C0 | 0x0000027A |
| RegEnumKeyW | - | 0x1400F50E0 | 0x0013ECC8 | 0x0013D2C8 | 0x00000278 |
| RegDeleteKeyW | - | 0x1400F50E8 | 0x0013ECD0 | 0x0013D2D0 | 0x0000026C |
| RegDeleteValueW | - | 0x1400F50F0 | 0x0013ECD8 | 0x0013D2D8 | 0x00000270 |
| CryptSetProvParam | - | 0x1400F50F8 | 0x0013ECE0 | 0x0013D2E0 | 0x000000DE |
| CryptGenRandom | - | 0x1400F5100 | 0x0013ECE8 | 0x0013D2E8 | 0x000000D1 |
| CryptCreateHash | - | 0x1400F5108 | 0x0013ECF0 | 0x0013D2F0 | 0x000000C3 |
| CryptVerifySignatureW | - | 0x1400F5110 | 0x0013ECF8 | 0x0013D2F8 | 0x000000E6 |
| CryptHashData | - | 0x1400F5118 | 0x0013ED00 | 0x0013D300 | 0x000000D8 |
| CryptDestroyHash | - | 0x1400F5120 | 0x0013ED08 | 0x0013D308 | 0x000000C6 |
| CryptSetKeyParam | - | 0x1400F5128 | 0x0013ED10 | 0x0013D310 | 0x000000DD |
| CryptDecrypt | - | 0x1400F5130 | 0x0013ED18 | 0x0013D318 | 0x000000C4 |
| CryptImportKey | - | 0x1400F5138 | 0x0013ED20 | 0x0013D320 | 0x000000DA |
| RegOpenKeyW | - | 0x1400F5140 | 0x0013ED28 | 0x0013D328 | 0x0000028C |
| CryptGetHashParam | - | 0x1400F5148 | 0x0013ED30 | 0x0013D330 | 0x000000D4 |
| CryptDuplicateKey | - | 0x1400F5150 | 0x0013ED38 | 0x0013D338 | 0x000000C9 |
| CryptEncrypt | - | 0x1400F5158 | 0x0013ED40 | 0x0013D340 | 0x000000CA |
| CryptGenKey | - | 0x1400F5160 | 0x0013ED48 | 0x0013D348 | 0x000000D0 |
| GetSidSubAuthorityCount | - | 0x1400F5168 | 0x0013ED50 | 0x0013D350 | 0x0000016C |
| GetSidSubAuthority | - | 0x1400F5170 | 0x0013ED58 | 0x0013D358 | 0x0000016B |
| GetSidIdentifierAuthority | - | 0x1400F5178 | 0x0013ED60 | 0x0013D360 | 0x00000169 |
| SetNamedSecurityInfoW | - | 0x1400F5180 | 0x0013ED68 | 0x0013D368 | 0x000002DE |
| AddAccessDeniedAce | - | 0x1400F5188 | 0x0013ED70 | 0x0013D370 | 0x00000013 |
| AddAccessAllowedAce | - | 0x1400F5190 | 0x0013ED78 | 0x0013D378 | 0x00000010 |
| AddAccessDeniedObjectAce | - | 0x1400F5198 | 0x0013ED80 | 0x0013D380 | 0x00000015 |
| AddAccessAllowedObjectAce | - | 0x1400F51A0 | 0x0013ED88 | 0x0013D388 | 0x00000012 |
| AddAce | - | 0x1400F51A8 | 0x0013ED90 | 0x0013D390 | 0x00000016 |
| InitializeAcl | - | 0x1400F51B0 | 0x0013ED98 | 0x0013D398 | 0x0000018D |
| LsaStorePrivateData | - | 0x1400F51B8 | 0x0013EDA0 | 0x0013D3A0 | 0x000001F2 |
| LsaRetrievePrivateData | - | 0x1400F51C0 | 0x0013EDA8 | 0x0013D3A8 | 0x000001E6 |
| RegConnectRegistryW | - | 0x1400F51C8 | 0x0013EDB0 | 0x0013D3B0 | 0x0000025C |
| AdjustTokenPrivileges | - | 0x1400F51D0 | 0x0013EDB8 | 0x0013D3B8 | 0x0000001F |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | - | 0x1400F51D8 | 0x0013EDC0 | 0x0013D3C0 | 0x00000081 |
| ConvertSecurityDescriptorToStringSecurityDescriptorW | - | 0x1400F51E0 | 0x0013EDC8 | 0x0013D3C8 | 0x00000079 |
| CryptEnumProvidersA | - | 0x1400F51E8 | 0x0013EDD0 | 0x0013D3D0 | 0x000000CD |
| CryptGetDefaultProviderW | - | 0x1400F51F0 | 0x0013EDD8 | 0x0013D3D8 | 0x000000D3 |
| LogonUserExW | - | 0x1400F51F8 | 0x0013EDE0 | 0x0013D3E0 | 0x000001A3 |
| ImpersonateLoggedOnUser | - | 0x1400F5200 | 0x0013EDE8 | 0x0013D3E8 | 0x0000018A |
| CreateWellKnownSid | - | 0x1400F5208 | 0x0013EDF0 | 0x0013D3F0 | 0x00000092 |
| MakeAbsoluteSD | - | 0x1400F5210 | 0x0013EDF8 | 0x0013D3F8 | 0x000001FC |
| MakeSelfRelativeSD | - | 0x1400F5218 | 0x0013EE00 | 0x0013D400 | 0x000001FE |
| LsaClose | - | 0x1400F5220 | 0x0013EE08 | 0x0013D408 | 0x000001B4 |
| LsaFreeMemory | - | 0x1400F5228 | 0x0013EE10 | 0x0013D410 | 0x000001C2 |
| LsaOpenPolicy | - | 0x1400F5230 | 0x0013EE18 | 0x0013D418 | 0x000001D6 |
| FreeSid | - | 0x1400F5238 | 0x0013EE20 | 0x0013D420 | 0x00000133 |
| CheckTokenMembership | - | 0x1400F5240 | 0x0013EE28 | 0x0013D428 | 0x0000005F |
| DuplicateToken | - | 0x1400F5248 | 0x0013EE30 | 0x0013D430 | 0x000000EE |
| OpenThreadToken | - | 0x1400F5250 | 0x0013EE38 | 0x0013D438 | 0x00000219 |
| ConvertStringSidToSidW | - | 0x1400F5258 | 0x0013EE40 | 0x0013D440 | 0x00000083 |
| AllocateAndInitializeSid | - | 0x1400F5260 | 0x0013EE48 | 0x0013D448 | 0x00000020 |
| SetSecurityDescriptorDacl | - | 0x1400F5268 | 0x0013EE50 | 0x0013D450 | 0x000002E3 |
| SetEntriesInAclW | - | 0x1400F5270 | 0x0013EE58 | 0x0013D458 | 0x000002D3 |
| GetSecurityDescriptorDacl | - | 0x1400F5278 | 0x0013EE60 | 0x0013D460 | 0x0000015C |
| DeleteAce | - | 0x1400F5280 | 0x0013EE68 | 0x0013D468 | 0x000000E9 |
| EqualSid | - | 0x1400F5288 | 0x0013EE70 | 0x0013D470 | 0x00000118 |
| GetAce | - | 0x1400F5290 | 0x0013EE78 | 0x0013D478 | 0x00000136 |
| GetAclInformation | - | 0x1400F5298 | 0x0013EE80 | 0x0013D480 | 0x00000137 |
| SetSecurityDescriptorOwner | - | 0x1400F52A0 | 0x0013EE88 | 0x0013D488 | 0x000002E5 |
| InitializeSecurityDescriptor | - | 0x1400F52A8 | 0x0013EE90 | 0x0013D490 | 0x0000018E |
| GetSecurityDescriptorControl | - | 0x1400F52B0 | 0x0013EE98 | 0x0013D498 | 0x0000015B |
| CryptSignHashW | - | 0x1400F52B8 | 0x0013EEA0 | 0x0013D4A0 | 0x000000E4 |
| CryptSetHashParam | - | 0x1400F52C0 | 0x0013EEA8 | 0x0013D4A8 | 0x000000DC |
| CryptExportKey | - | 0x1400F52C8 | 0x0013EEB0 | 0x0013D4B0 | 0x000000CF |
| CryptDuplicateHash | - | 0x1400F52D0 | 0x0013EEB8 | 0x0013D4B8 | 0x000000C8 |
| CryptContextAddRef | - | 0x1400F52D8 | 0x0013EEC0 | 0x0013D4C0 | 0x000000C2 |
KERNEL32.dll (126)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetEvent | - | 0x1400F5708 | 0x0013F2F0 | 0x0013D8F0 | 0x0000050B |
| CreateThreadpoolWait | - | 0x1400F5710 | 0x0013F2F8 | 0x0013D8F8 | 0x000000EB |
| FindFirstChangeNotificationW | - | 0x1400F5718 | 0x0013F300 | 0x0013D900 | 0x00000171 |
| CreateThreadpoolTimer | - | 0x1400F5720 | 0x0013F308 | 0x0013D908 | 0x000000EA |
| GetFullPathNameW | - | 0x1400F5728 | 0x0013F310 | 0x0013D910 | 0x00000251 |
| CloseThreadpoolTimer | - | 0x1400F5730 | 0x0013F318 | 0x0013D918 | 0x00000085 |
| CloseThreadpoolWait | - | 0x1400F5738 | 0x0013F320 | 0x0013D920 | 0x00000086 |
| FindCloseChangeNotification | - | 0x1400F5740 | 0x0013F328 | 0x0013D928 | 0x0000016F |
| FindNextChangeNotification | - | 0x1400F5748 | 0x0013F330 | 0x0013D930 | 0x00000182 |
| SetThreadpoolWait | - | 0x1400F5750 | 0x0013F338 | 0x0013D938 | 0x0000055C |
| SetThreadpoolTimer | - | 0x1400F5758 | 0x0013F340 | 0x0013D940 | 0x0000055A |
| MultiByteToWideChar | - | 0x1400F5760 | 0x0013F348 | 0x0013D948 | 0x000003DB |
| VerifyVersionInfoW | - | 0x1400F5768 | 0x0013F350 | 0x0013D950 | 0x000005B9 |
| VerSetConditionMask | - | 0x1400F5770 | 0x0013F358 | 0x0013D958 | 0x000005B5 |
| LeaveCriticalSection | - | 0x1400F5778 | 0x0013F360 | 0x0013D960 | 0x000003AB |
| SetConsoleCtrlHandler | - | 0x1400F5780 | 0x0013F368 | 0x0013D968 | 0x000004DE |
| EnterCriticalSection | - | 0x1400F5788 | 0x0013F370 | 0x0013D970 | 0x00000129 |
| SetEndOfFile | - | 0x1400F5790 | 0x0013F378 | 0x0013D978 | 0x00000505 |
| WriteFile | - | 0x1400F5798 | 0x0013F380 | 0x0013D980 | 0x00000603 |
| LockResource | - | 0x1400F57A0 | 0x0013F388 | 0x0013D988 | 0x000003C7 |
| SizeofResource | - | 0x1400F57A8 | 0x0013F390 | 0x0013D990 | 0x0000056F |
| LoadResource | - | 0x1400F57B0 | 0x0013F398 | 0x0013D998 | 0x000003B5 |
| FindResourceW | - | 0x1400F57B8 | 0x0013F3A0 | 0x0013D9A0 | 0x0000018F |
| GetVersionExW | - | 0x1400F57C0 | 0x0013F3A8 | 0x0013D9A8 | 0x00000312 |
| GetComputerNameExW | - | 0x1400F57C8 | 0x0013F3B0 | 0x0013D9B0 | 0x000001D7 |
| GetComputerNameW | - | 0x1400F57D0 | 0x0013F3B8 | 0x0013D9B8 | 0x000001D8 |
| SetFilePointer | - | 0x1400F57D8 | 0x0013F3C0 | 0x0013D9C0 | 0x00000517 |
| GetFileSize | - | 0x1400F57E0 | 0x0013F3C8 | 0x0013D9C8 | 0x00000243 |
| ReleaseSemaphore | - | 0x1400F57E8 | 0x0013F3D0 | 0x0013D9D0 | 0x000004A0 |
| ReadFile | - | 0x1400F57F0 | 0x0013F3D8 | 0x0013D9D8 | 0x0000045F |
| FindClose | - | 0x1400F57F8 | 0x0013F3E0 | 0x0013D9E0 | 0x0000016E |
| FindNextFileW | - | 0x1400F5800 | 0x0013F3E8 | 0x0013D9E8 | 0x00000185 |
| FindFirstFileW | - | 0x1400F5808 | 0x0013F3F0 | 0x0013D9F0 | 0x00000179 |
| Sleep | - | 0x1400F5810 | 0x0013F3F8 | 0x0013D9F8 | 0x00000570 |
| GetTickCount | - | 0x1400F5818 | 0x0013F400 | 0x0013DA00 | 0x000002FD |
| LoadLibraryW | - | 0x1400F5820 | 0x0013F408 | 0x0013DA08 | 0x000003B2 |
| DecodePointer | - | 0x1400F5828 | 0x0013F410 | 0x0013DA10 | 0x000000FE |
| EncodePointer | - | 0x1400F5830 | 0x0013F418 | 0x0013DA18 | 0x00000125 |
| GetFileAttributesExW | - | 0x1400F5838 | 0x0013F420 | 0x0013DA20 | 0x0000023A |
| GetLastError | - | 0x1400F5840 | 0x0013F428 | 0x0013DA28 | 0x00000257 |
| GetTickCount64 | - | 0x1400F5848 | 0x0013F430 | 0x0013DA30 | 0x000002FE |
| PulseEvent | - | 0x1400F5850 | 0x0013F438 | 0x0013DA38 | 0x00000429 |
| OpenEventW | - | 0x1400F5858 | 0x0013F440 | 0x0013DA40 | 0x000003ED |
| GetSystemDefaultUILanguage | - | 0x1400F5860 | 0x0013F448 | 0x0013DA48 | 0x000002D5 |
| GetUserDefaultUILanguage | - | 0x1400F5868 | 0x0013F450 | 0x0013DA50 | 0x0000030C |
| LocalReAlloc | - | 0x1400F5870 | 0x0013F458 | 0x0013DA58 | 0x000003BF |
| GetModuleHandleW | - | 0x1400F5878 | 0x0013F460 | 0x0013DA60 | 0x0000026E |
| RaiseException | - | 0x1400F5880 | 0x0013F468 | 0x0013DA68 | 0x0000044F |
| DeleteCriticalSection | - | 0x1400F5888 | 0x0013F470 | 0x0013DA70 | 0x00000105 |
| InitializeCriticalSection | - | 0x1400F5890 | 0x0013F478 | 0x0013DA78 | 0x00000354 |
| GetSystemDefaultLangID | - | 0x1400F5898 | 0x0013F480 | 0x0013DA80 | 0x000002D3 |
| FormatMessageW | - | 0x1400F58A0 | 0x0013F488 | 0x0013DA88 | 0x000001A0 |
| HeapAlloc | - | 0x1400F58A8 | 0x0013F490 | 0x0013DA90 | 0x0000033C |
| HeapFree | - | 0x1400F58B0 | 0x0013F498 | 0x0013DA98 | 0x00000340 |
| GetProcessHeap | - | 0x1400F58B8 | 0x0013F4A0 | 0x0013DAA0 | 0x000002AB |
| lstrcmpW | - | 0x1400F58C0 | 0x0013F4A8 | 0x0013DAA8 | 0x00000625 |
| DeleteFileW | - | 0x1400F58C8 | 0x0013F4B0 | 0x0013DAB0 | 0x0000010A |
| GetProcAddress | - | 0x1400F58D0 | 0x0013F4B8 | 0x0013DAB8 | 0x000002A5 |
| CreateFileW | - | 0x1400F58D8 | 0x0013F4C0 | 0x0013DAC0 | 0x000000C0 |
| GetCurrentProcess | - | 0x1400F58E0 | 0x0013F4C8 | 0x0013DAC8 | 0x00000210 |
| TrySubmitThreadpoolCallback | - | 0x1400F58E8 | 0x0013F4D0 | 0x0013DAD0 | 0x0000059B |
| CreateSemaphoreW | - | 0x1400F58F0 | 0x0013F4D8 | 0x0013DAD8 | 0x000000E0 |
| CreateEventW | - | 0x1400F58F8 | 0x0013F4E0 | 0x0013DAE0 | 0x000000B4 |
| GetEnvironmentVariableW | - | 0x1400F5900 | 0x0013F4E8 | 0x0013DAE8 | 0x00000231 |
| GetTempFileNameW | - | 0x1400F5908 | 0x0013F4F0 | 0x0013DAF0 | 0x000002EB |
| SetLastError | - | 0x1400F5910 | 0x0013F4F8 | 0x0013DAF8 | 0x00000526 |
| SetConsoleMode | - | 0x1400F5918 | 0x0013F500 | 0x0013DB00 | 0x000004EE |
| GetConsoleMode | - | 0x1400F5920 | 0x0013F508 | 0x0013DB08 | 0x000001F5 |
| GetStartupInfoW | - | 0x1400F5928 | 0x0013F510 | 0x0013DB10 | 0x000002C7 |
| UnhandledExceptionFilter | - | 0x1400F5930 | 0x0013F518 | 0x0013DB18 | 0x000005A1 |
| SetUnhandledExceptionFilter | - | 0x1400F5938 | 0x0013F520 | 0x0013DB20 | 0x00000561 |
| TerminateProcess | - | 0x1400F5940 | 0x0013F528 | 0x0013DB28 | 0x0000057F |
| LocalFree | - | 0x1400F5948 | 0x0013F530 | 0x0013DB30 | 0x000003BC |
| GetSystemTime | - | 0x1400F5950 | 0x0013F538 | 0x0013DB38 | 0x000002DE |
| SystemTimeToFileTime | - | 0x1400F5958 | 0x0013F540 | 0x0013DB40 | 0x0000057B |
| GetSystemTimeAsFileTime | - | 0x1400F5960 | 0x0013F548 | 0x0013DB48 | 0x000002E0 |
| LocalAlloc | - | 0x1400F5968 | 0x0013F550 | 0x0013DB50 | 0x000003B8 |
| GetFileAttributesW | - | 0x1400F5970 | 0x0013F558 | 0x0013DB58 | 0x0000023D |
| FreeLibrary | - | 0x1400F5978 | 0x0013F560 | 0x0013DB60 | 0x000001A4 |
| CompareFileTime | - | 0x1400F5980 | 0x0013F568 | 0x0013DB68 | 0x0000008C |
| CreateThread | - | 0x1400F5988 | 0x0013F570 | 0x0013DB70 | 0x000000E6 |
| WaitForSingleObject | - | 0x1400F5990 | 0x0013F578 | 0x0013DB78 | 0x000005CB |
| GetExitCodeThread | - | 0x1400F5998 | 0x0013F580 | 0x0013DB80 | 0x00000235 |
| CloseHandle | - | 0x1400F59A0 | 0x0013F588 | 0x0013DB88 | 0x0000007C |
| GetStdHandle | - | 0x1400F59A8 | 0x0013F590 | 0x0013DB90 | 0x000002C9 |
| GetFileType | - | 0x1400F59B0 | 0x0013F598 | 0x0013DB98 | 0x00000246 |
| QueryPerformanceCounter | - | 0x1400F59B8 | 0x0013F5A0 | 0x0013DBA0 | 0x00000439 |
| GetCurrentProcessId | - | 0x1400F59C0 | 0x0013F5A8 | 0x0013DBA8 | 0x00000211 |
| GetCurrentThreadId | - | 0x1400F59C8 | 0x0013F5B0 | 0x0013DBB0 | 0x00000215 |
| OutputDebugStringA | - | 0x1400F59D0 | 0x0013F5B8 | 0x0013DBB8 | 0x00000404 |
| WideCharToMultiByte | - | 0x1400F59D8 | 0x0013F5C0 | 0x0013DBC0 | 0x000005EF |
| GetACP | - | 0x1400F59E0 | 0x0013F5C8 | 0x0013DBC8 | 0x000001AB |
| WriteConsoleW | - | 0x1400F59E8 | 0x0013F5D0 | 0x0013DBD0 | 0x00000602 |
| DelayLoadFailureHook | - | 0x1400F59F0 | 0x0013F5D8 | 0x0013DBD8 | 0x00000102 |
| GetLocaleInfoW | - | 0x1400F59F8 | 0x0013F5E0 | 0x0013DBE0 | 0x0000025B |
| FindResourceExW | - | 0x1400F5A00 | 0x0013F5E8 | 0x0013DBE8 | 0x0000018E |
| SearchPathW | - | 0x1400F5A08 | 0x0013F5F0 | 0x0013DBF0 | 0x000004CD |
| LoadLibraryExA | - | 0x1400F5A10 | 0x0013F5F8 | 0x0013DBF8 | 0x000003B0 |
| GetProfileStringA | - | 0x1400F5A18 | 0x0013F600 | 0x0013DC00 | 0x000002BF |
| ResetEvent | - | 0x1400F5A20 | 0x0013F608 | 0x0013DC08 | 0x000004B2 |
| GetFileTime | - | 0x1400F5A28 | 0x0013F610 | 0x0013DC10 | 0x00000245 |
| lstrlenW | - | 0x1400F5A30 | 0x0013F618 | 0x0013DC18 | 0x00000631 |
| GetCommandLineW | - | 0x1400F5A38 | 0x0013F620 | 0x0013DC20 | 0x000001D0 |
| VirtualFree | - | 0x1400F5A40 | 0x0013F628 | 0x0013DC28 | 0x000005BD |
| VirtualAlloc | - | 0x1400F5A48 | 0x0013F630 | 0x0013DC30 | 0x000005BA |
| GetTempPathW | - | 0x1400F5A50 | 0x0013F638 | 0x0013DC38 | 0x000002ED |
| GetLocalTime | - | 0x1400F5A58 | 0x0013F640 | 0x0013DC40 | 0x00000258 |
| OpenProcess | - | 0x1400F5A60 | 0x0013F648 | 0x0013DC48 | 0x000003F9 |
| HeapSetInformation | - | 0x1400F5A68 | 0x0013F650 | 0x0013DC50 | 0x00000344 |
| LoadLibraryExW | - | 0x1400F5A70 | 0x0013F658 | 0x0013DC58 | 0x000003B1 |
| GetSystemDirectoryW | - | 0x1400F5A78 | 0x0013F660 | 0x0013DC60 | 0x000002D7 |
| CompareStringW | - | 0x1400F5A80 | 0x0013F668 | 0x0013DC68 | 0x00000090 |
| UnmapViewOfFile | - | 0x1400F5A88 | 0x0013F670 | 0x0013DC70 | 0x000005A4 |
| MapViewOfFile | - | 0x1400F5A90 | 0x0013F678 | 0x0013DC78 | 0x000003CA |
| CreateFileMappingW | - | 0x1400F5A98 | 0x0013F680 | 0x0013DC80 | 0x000000BD |
| GetSystemInfo | - | 0x1400F5AA0 | 0x0013F688 | 0x0013DC88 | 0x000002DA |
| GetCurrentThread | - | 0x1400F5AA8 | 0x0013F690 | 0x0013DC90 | 0x00000214 |
| FoldStringW | - | 0x1400F5AB0 | 0x0013F698 | 0x0013DC98 | 0x0000019D |
| CreateDirectoryW | - | 0x1400F5AB8 | 0x0013F6A0 | 0x0013DCA0 | 0x000000AF |
| RemoveDirectoryW | - | 0x1400F5AC0 | 0x0013F6A8 | 0x0013DCA8 | 0x000004A5 |
| GetConsoleOutputCP | - | 0x1400F5AC8 | 0x0013F6B0 | 0x0013DCB0 | 0x000001F9 |
| GetTimeFormatW | - | 0x1400F5AD0 | 0x0013F6B8 | 0x0013DCB8 | 0x00000302 |
| GetDateFormatW | - | 0x1400F5AD8 | 0x0013F6C0 | 0x0013DCC0 | 0x0000021B |
| FileTimeToLocalFileTime | - | 0x1400F5AE0 | 0x0013F6C8 | 0x0013DCC8 | 0x00000162 |
| LocalFileTimeToFileTime | - | 0x1400F5AE8 | 0x0013F6D0 | 0x0013DCD0 | 0x000003BA |
| FileTimeToSystemTime | - | 0x1400F5AF0 | 0x0013F6D8 | 0x0013DCD8 | 0x00000163 |
msvcrt.dll (109)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _unlock | - | 0x1400F6140 | 0x0013FD28 | 0x0013E328 | 0x00000341 |
| _lock | - | 0x1400F6148 | 0x0013FD30 | 0x0013E330 | 0x000001E6 |
| ?terminate@@YAXXZ | - | 0x1400F6150 | 0x0013FD38 | 0x0013E338 | 0x0000002F |
| __CxxFrameHandler3 | - | 0x1400F6158 | 0x0013FD40 | 0x0013E340 | 0x0000005B |
| realloc | - | 0x1400F6160 | 0x0013FD48 | 0x0013E348 | 0x000004A9 |
| _errno | - | 0x1400F6168 | 0x0013FD50 | 0x0013E350 | 0x00000105 |
| ??1type_info@@UEAA@XZ | - | 0x1400F6170 | 0x0013FD58 | 0x0013E358 | 0x00000012 |
| _commode | - | 0x1400F6178 | 0x0013FD60 | 0x0013E360 | 0x000000D2 |
| _fmode | - | 0x1400F6180 | 0x0013FD68 | 0x0013E368 | 0x00000127 |
| _wcmdln | - | 0x1400F6188 | 0x0013FD70 | 0x0013E370 | 0x00000382 |
| __dllonexit | - | 0x1400F6190 | 0x0013FD78 | 0x0013E378 | 0x0000007B |
| _initterm | - | 0x1400F6198 | 0x0013FD80 | 0x0013E380 | 0x0000017D |
| __setusermatherr | - | 0x1400F61A0 | 0x0013FD88 | 0x0013E388 | 0x00000090 |
| _cexit | - | 0x1400F61A8 | 0x0013FD90 | 0x0013E390 | 0x000000C1 |
| _exit | - | 0x1400F61B0 | 0x0013FD98 | 0x0013E398 | 0x0000010E |
| exit | - | 0x1400F61B8 | 0x0013FDA0 | 0x0013E3A0 | 0x00000432 |
| __set_app_type | - | 0x1400F61C0 | 0x0013FDA8 | 0x0013E3A8 | 0x0000008E |
| __wgetmainargs | - | 0x1400F61C8 | 0x0013FDB0 | 0x0013E3B0 | 0x0000009D |
| _amsg_exit | - | 0x1400F61D0 | 0x0013FDB8 | 0x0013E3B8 | 0x000000AE |
| _XcptFilter | - | 0x1400F61D8 | 0x0013FDC0 | 0x0013E3C0 | 0x00000055 |
| _CxxThrowException | - | 0x1400F61E0 | 0x0013FDC8 | 0x0013E3C8 | 0x0000004B |
| __C_specific_handler | - | 0x1400F61E8 | 0x0013FDD0 | 0x0013E3D0 | 0x00000057 |
| _onexit | - | 0x1400F61F0 | 0x0013FDD8 | 0x0013E3D8 | 0x00000290 |
| _itoa_s | - | 0x1400F61F8 | 0x0013FDE0 | 0x0013E3E0 | 0x000001D8 |
| memcmp | - | 0x1400F6200 | 0x0013FDE8 | 0x0013E3E8 | 0x00000491 |
| memcpy | - | 0x1400F6208 | 0x0013FDF0 | 0x0013E3F0 | 0x00000492 |
| memset | - | 0x1400F6210 | 0x0013FDF8 | 0x0013E3F8 | 0x00000496 |
| wcscpy_s | - | 0x1400F6218 | 0x0013FE00 | 0x0013E400 | 0x00000505 |
| towupper | - | 0x1400F6220 | 0x0013FE08 | 0x0013E408 | 0x000004EC |
| iswlower | - | 0x1400F6228 | 0x0013FE10 | 0x0013E410 | 0x00000475 |
| towlower | - | 0x1400F6230 | 0x0013FE18 | 0x0013E418 | 0x000004EB |
| iswupper | - | 0x1400F6238 | 0x0013FE20 | 0x0013E420 | 0x00000479 |
| sscanf_s | - | 0x1400F6240 | 0x0013FE28 | 0x0013E428 | 0x000004BE |
| strpbrk | - | 0x1400F6248 | 0x0013FE30 | 0x0013E430 | 0x000004D1 |
| strcpy_s | - | 0x1400F6250 | 0x0013FE38 | 0x0013E438 | 0x000004C5 |
| strspn | - | 0x1400F6258 | 0x0013FE40 | 0x0013E440 | 0x000004D3 |
| fwrite | - | 0x1400F6260 | 0x0013FE48 | 0x0013E448 | 0x00000457 |
| ftell | - | 0x1400F6268 | 0x0013FE50 | 0x0013E450 | 0x00000454 |
| _fileno | - | 0x1400F6270 | 0x0013FE58 | 0x0013E458 | 0x0000011B |
| _setmode | - | 0x1400F6278 | 0x0013FE60 | 0x0013E460 | 0x000002C8 |
| wcstoul | - | 0x1400F6280 | 0x0013FE68 | 0x0013E468 | 0x0000051B |
| fgetws | - | 0x1400F6288 | 0x0013FE70 | 0x0013E470 | 0x0000043E |
| feof | - | 0x1400F6290 | 0x0013FE78 | 0x0013E478 | 0x00000437 |
| fgetc | - | 0x1400F6298 | 0x0013FE80 | 0x0013E480 | 0x0000043A |
| _wfopen | - | 0x1400F62A0 | 0x0013FE88 | 0x0013E488 | 0x000003C3 |
| fputws | - | 0x1400F62A8 | 0x0013FE90 | 0x0013E490 | 0x0000044A |
| atoi | - | 0x1400F62B0 | 0x0013FE98 | 0x0013E498 | 0x00000420 |
| isdigit | - | 0x1400F62B8 | 0x0013FEA0 | 0x0013E4A0 | 0x00000466 |
| _wgetenv | - | 0x1400F62C0 | 0x0013FEA8 | 0x0013E4A8 | 0x000003CC |
| iswxdigit | - | 0x1400F62C8 | 0x0013FEB0 | 0x0013E4B0 | 0x0000047A |
| _wsetlocale | - | 0x1400F62D0 | 0x0013FEB8 | 0x0013E4B8 | 0x000003EA |
| iswalpha | - | 0x1400F62D8 | 0x0013FEC0 | 0x0013E4C0 | 0x0000046F |
| isxdigit | - | 0x1400F62E0 | 0x0013FEC8 | 0x0013E4C8 | 0x0000047B |
| __isascii | - | 0x1400F62E8 | 0x0013FED0 | 0x0013E4D0 | 0x00000082 |
| gmtime | - | 0x1400F62F0 | 0x0013FED8 | 0x0013E4D8 | 0x00000461 |
| vfwprintf | - | 0x1400F62F8 | 0x0013FEE0 | 0x0013E4E0 | 0x000004F2 |
| iswspace | - | 0x1400F6300 | 0x0013FEE8 | 0x0013E4E8 | 0x00000478 |
| __iob_func | - | 0x1400F6308 | 0x0013FEF0 | 0x0013E4F0 | 0x00000081 |
| _callnewh | - | 0x1400F6310 | 0x0013FEF8 | 0x0013E4F8 | 0x000000BF |
| ?what@exception@@UEBAPEBDXZ | - | 0x1400F6318 | 0x0013FF00 | 0x0013E500 | 0x00000031 |
| ??1exception@@UEAA@XZ | - | 0x1400F6320 | 0x0013FF08 | 0x0013E508 | 0x00000011 |
| ??0exception@@QEAA@AEBV0@@Z | - | 0x1400F6328 | 0x0013FF10 | 0x0013E510 | 0x0000000C |
| ??0exception@@QEAA@AEBQEBDH@Z | - | 0x1400F6330 | 0x0013FF18 | 0x0013E518 | 0x0000000B |
| malloc | - | 0x1400F6338 | 0x0013FF20 | 0x0013E520 | 0x00000486 |
| fprintf | - | 0x1400F6340 | 0x0013FF28 | 0x0013E528 | 0x00000445 |
| _strlwr | - | 0x1400F6348 | 0x0013FF30 | 0x0013E530 | 0x000002FE |
| _swab | - | 0x1400F6350 | 0x0013FF38 | 0x0013E538 | 0x0000031B |
| ferror | - | 0x1400F6358 | 0x0013FF40 | 0x0013E540 | 0x00000438 |
| fseek | - | 0x1400F6360 | 0x0013FF48 | 0x0013E548 | 0x00000452 |
| strcmp | - | 0x1400F6368 | 0x0013FF50 | 0x0013E550 | 0x000004C2 |
| strcat_s | - | 0x1400F6370 | 0x0013FF58 | 0x0013E558 | 0x000004C0 |
| _wcsicmp | - | 0x1400F6378 | 0x0013FF60 | 0x0013E560 | 0x0000038A |
| _vsnwprintf | - | 0x1400F6380 | 0x0013FF68 | 0x0013E568 | 0x00000369 |
| iswdigit | - | 0x1400F6388 | 0x0013FF70 | 0x0013E570 | 0x00000473 |
| wcsrchr | - | 0x1400F6390 | 0x0013FF78 | 0x0013E578 | 0x00000510 |
| wcschr | - | 0x1400F6398 | 0x0013FF80 | 0x0013E580 | 0x00000501 |
| memmove | - | 0x1400F63A0 | 0x0013FF88 | 0x0013E588 | 0x00000494 |
| wcstok | - | 0x1400F63A8 | 0x0013FF90 | 0x0013E590 | 0x00000516 |
| fwprintf | - | 0x1400F63B0 | 0x0013FF98 | 0x0013E598 | 0x00000455 |
| _wfopen_s | - | 0x1400F63B8 | 0x0013FFA0 | 0x0013E5A0 | 0x000003C4 |
| fclose | - | 0x1400F63C0 | 0x0013FFA8 | 0x0013E5A8 | 0x00000436 |
| _purecall | - | 0x1400F63C8 | 0x0013FFB0 | 0x0013E5B0 | 0x0000029E |
| fflush | - | 0x1400F63D0 | 0x0013FFB8 | 0x0013E5B8 | 0x00000439 |
| _fgetwchar | - | 0x1400F63D8 | 0x0013FFC0 | 0x0013E5C0 | 0x00000116 |
| wcsspn | - | 0x1400F63E0 | 0x0013FFC8 | 0x0013E5C8 | 0x00000513 |
| _wcsnicmp | - | 0x1400F63E8 | 0x0013FFD0 | 0x0013E5D0 | 0x00000394 |
| ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z | - | 0x1400F63F0 | 0x0013FFD8 | 0x0013E5D8 | 0x00000028 |
| qsort | - | 0x1400F63F8 | 0x0013FFE0 | 0x0013E5E0 | 0x000004A4 |
| wcscspn | - | 0x1400F6400 | 0x0013FFE8 | 0x0013E5E8 | 0x00000506 |
| getenv | - | 0x1400F6408 | 0x0013FFF0 | 0x0013E5F0 | 0x0000045C |
| free | - | 0x1400F6410 | 0x0013FFF8 | 0x0013E5F8 | 0x0000044C |
| wcscmp | - | 0x1400F6418 | 0x00140000 | 0x0013E600 | 0x00000502 |
| _strnicmp | - | 0x1400F6420 | 0x00140008 | 0x0013E608 | 0x00000304 |
| swscanf | - | 0x1400F6428 | 0x00140010 | 0x0013E610 | 0x000004DD |
| _stricmp | - | 0x1400F6430 | 0x00140018 | 0x0013E618 | 0x000002FA |
| _wtoi | - | 0x1400F6438 | 0x00140020 | 0x0013E620 | 0x00000405 |
| _vsnprintf | - | 0x1400F6440 | 0x00140028 | 0x0013E628 | 0x00000363 |
| _wcslwr | - | 0x1400F6448 | 0x00140030 | 0x0013E630 | 0x0000038E |
| strncmp | - | 0x1400F6450 | 0x00140038 | 0x0013E638 | 0x000004CD |
| strcspn | - | 0x1400F6458 | 0x00140040 | 0x0013E640 | 0x000004C6 |
| wcsstr | - | 0x1400F6460 | 0x00140048 | 0x0013E648 | 0x00000514 |
| strstr | - | 0x1400F6468 | 0x00140050 | 0x0013E650 | 0x000004D4 |
| wcsncmp | - | 0x1400F6470 | 0x00140058 | 0x0013E658 | 0x0000050B |
| _ultow | - | 0x1400F6478 | 0x00140060 | 0x0013E660 | 0x0000033A |
| bsearch | - | 0x1400F6480 | 0x00140068 | 0x0013E668 | 0x00000422 |
| fopen | - | 0x1400F6488 | 0x00140070 | 0x0013E670 | 0x00000443 |
| fgets | - | 0x1400F6490 | 0x00140078 | 0x0013E678 | 0x0000043C |
| strchr | - | 0x1400F6498 | 0x00140080 | 0x0013E680 | 0x000004C1 |
| fputs | - | 0x1400F64A0 | 0x00140088 | 0x0013E688 | 0x00000448 |
certcli.dll (71)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| None | 0x000000E1 | 0x1400F5F00 | 0x0013FAE8 | 0x0013E0E8 | - |
| None | 0x00000166 | 0x1400F5F08 | 0x0013FAF0 | 0x0013E0F0 | - |
| None | 0x000000CF | 0x1400F5F10 | 0x0013FAF8 | 0x0013E0F8 | - |
| None | 0x00000167 | 0x1400F5F18 | 0x0013FB00 | 0x0013E100 | - |
| None | 0x000000F6 | 0x1400F5F20 | 0x0013FB08 | 0x0013E108 | - |
| None | 0x000000D2 | 0x1400F5F28 | 0x0013FB10 | 0x0013E110 | - |
| None | 0x000000DF | 0x1400F5F30 | 0x0013FB18 | 0x0013E118 | - |
| None | 0x00000168 | 0x1400F5F38 | 0x0013FB20 | 0x0013E120 | - |
| None | 0x000000D5 | 0x1400F5F40 | 0x0013FB28 | 0x0013E128 | - |
| None | 0x000000CD | 0x1400F5F48 | 0x0013FB30 | 0x0013E130 | - |
| None | 0x00000164 | 0x1400F5F50 | 0x0013FB38 | 0x0013E138 | - |
| CAEnumCertTypesEx | - | 0x1400F5F58 | 0x0013FB40 | 0x0013E140 | 0x0000001C |
| CAFindCertTypeByName | - | 0x1400F5F60 | 0x0013FB48 | 0x0013E148 | 0x00000025 |
| None | 0x00000102 | 0x1400F5F68 | 0x0013FB50 | 0x0013E150 | - |
| CAGetCertTypeFlagsEx | - | 0x1400F5F70 | 0x0013FB58 | 0x0013E158 | 0x00000032 |
| CAGetCertTypePropertyEx | - | 0x1400F5F78 | 0x0013FB60 | 0x0013E160 | 0x00000035 |
| CAFreeCertTypeProperty | - | 0x1400F5F80 | 0x0013FB68 | 0x0013E168 | 0x00000028 |
| CAGetCertTypeKeySpec | - | 0x1400F5F88 | 0x0013FB70 | 0x0013E170 | 0x00000033 |
| CAGetCertTypeExpiration | - | 0x1400F5F90 | 0x0013FB78 | 0x0013E178 | 0x0000002E |
| CACertTypeGetSecurity | - | 0x1400F5F98 | 0x0013FB80 | 0x0013E180 | 0x00000007 |
| CAGetCertTypeExtensions | - | 0x1400F5FA0 | 0x0013FB88 | 0x0013E188 | 0x0000002F |
| CAFreeCertTypeExtensions | - | 0x1400F5FA8 | 0x0013FB90 | 0x0013E190 | 0x00000027 |
| CAEnumCertTypesForCAEx | - | 0x1400F5FB0 | 0x0013FB98 | 0x0013E198 | 0x0000001E |
| CAGetCertTypeProperty | - | 0x1400F5FB8 | 0x0013FBA0 | 0x0013E1A0 | 0x00000034 |
| CACertTypeAccessCheckEx | - | 0x1400F5FC0 | 0x0013FBA8 | 0x0013E1A8 | 0x00000005 |
| CAEnumNextCertType | - | 0x1400F5FC8 | 0x0013FBB0 | 0x0013E1B0 | 0x00000021 |
| CACloseCertType | - | 0x1400F5FD0 | 0x0013FBB8 | 0x0013E1B8 | 0x0000000E |
| None | 0x00000175 | 0x1400F5FD8 | 0x0013FBC0 | 0x0013E1C0 | - |
| CAEnumFirstCA | - | 0x1400F5FE0 | 0x0013FBC8 | 0x0013E1C8 | 0x0000001F |
| CAFindByName | - | 0x1400F5FE8 | 0x0013FBD0 | 0x0013E1D0 | 0x00000024 |
| CAGetCAProperty | - | 0x1400F5FF0 | 0x0013FBD8 | 0x0013E1D8 | 0x0000002C |
| CAFreeCAProperty | - | 0x1400F5FF8 | 0x0013FBE0 | 0x0013E1E0 | 0x00000026 |
| CAEnumNextCA | - | 0x1400F6000 | 0x0013FBE8 | 0x0013E1E8 | 0x00000020 |
| CACloseCA | - | 0x1400F6008 | 0x0013FBF0 | 0x0013E1F0 | 0x0000000D |
| None | 0x0000016A | 0x1400F6010 | 0x0013FBF8 | 0x0013E1F8 | - |
| CAGetCAFlags | - | 0x1400F6018 | 0x0013FC00 | 0x0013E200 | 0x0000002B |
| CAGetCAExpiration | - | 0x1400F6020 | 0x0013FC08 | 0x0013E208 | 0x0000002A |
| CAAccessCheck | - | 0x1400F6028 | 0x0013FC10 | 0x0013E210 | 0x00000000 |
| None | 0x00000169 | 0x1400F6030 | 0x0013FC18 | 0x0013E218 | - |
| CAGetCACertificate | - | 0x1400F6038 | 0x0013FC20 | 0x0013E220 | 0x00000029 |
| CAGetCASecurity | - | 0x1400F6040 | 0x0013FC28 | 0x0013E228 | 0x0000002D |
| CASetCAProperty | - | 0x1400F6048 | 0x0013FC30 | 0x0013E230 | 0x0000004E |
| CAUpdateCAEx | - | 0x1400F6050 | 0x0013FC38 | 0x0013E238 | 0x00000058 |
| CAFindByCertType | - | 0x1400F6058 | 0x0013FC40 | 0x0013E240 | 0x00000022 |
| None | 0x00000100 | 0x1400F6060 | 0x0013FC48 | 0x0013E248 | - |
| None | 0x00000101 | 0x1400F6068 | 0x0013FC50 | 0x0013E250 | - |
| None | 0x000000DA | 0x1400F6070 | 0x0013FC58 | 0x0013E258 | - |
| None | 0x000000FF | 0x1400F6078 | 0x0013FC60 | 0x0013E260 | - |
| None | 0x000000FE | 0x1400F6080 | 0x0013FC68 | 0x0013E268 | - |
| CAEnumCertTypesForCA | - | 0x1400F6088 | 0x0013FC70 | 0x0013E270 | 0x0000001D |
| CACountCertTypes | - | 0x1400F6090 | 0x0013FC78 | 0x0013E278 | 0x00000010 |
| CACertTypeAccessCheck | - | 0x1400F6098 | 0x0013FC80 | 0x0013E280 | 0x00000004 |
| CACountCAs | - | 0x1400F60A0 | 0x0013FC88 | 0x0013E288 | 0x0000000F |
| None | 0x000000D9 | 0x1400F60A8 | 0x0013FC90 | 0x0013E290 | - |
| None | 0x000000F5 | 0x1400F60B0 | 0x0013FC98 | 0x0013E298 | - |
| None | 0x00000172 | 0x1400F60B8 | 0x0013FCA0 | 0x0013E2A0 | - |
| CACreateNewCA | - | 0x1400F60C0 | 0x0013FCA8 | 0x0013E2A8 | 0x00000014 |
| CASetCAFlags | - | 0x1400F60C8 | 0x0013FCB0 | 0x0013E2B0 | 0x0000004D |
| CASetCACertificate | - | 0x1400F60D0 | 0x0013FCB8 | 0x0013E2B8 | 0x0000004B |
| CASetCASecurity | - | 0x1400F60D8 | 0x0013FCC0 | 0x0013E2C0 | 0x0000004F |
| None | 0x0000016E | 0x1400F60E0 | 0x0013FCC8 | 0x0013E2C8 | - |
| CARemoveCACertificateTypeEx | - | 0x1400F60E8 | 0x0013FCD0 | 0x0013E2D0 | 0x0000004A |
| CAAddCACertificateTypeEx | - | 0x1400F60F0 | 0x0013FCD8 | 0x0013E2D8 | 0x00000003 |
| CAUpdateCA | - | 0x1400F60F8 | 0x0013FCE0 | 0x0013E2E0 | 0x00000057 |
| None | 0x000000FC | 0x1400F6100 | 0x0013FCE8 | 0x0013E2E8 | - |
| None | 0x00000105 | 0x1400F6108 | 0x0013FCF0 | 0x0013E2F0 | - |
| None | 0x00000104 | 0x1400F6110 | 0x0013FCF8 | 0x0013E2F8 | - |
| None | 0x000000FD | 0x1400F6118 | 0x0013FD00 | 0x0013E300 | - |
| None | 0x000000CB | 0x1400F6120 | 0x0013FD08 | 0x0013E308 | - |
| None | 0x000000F7 | 0x1400F6128 | 0x0013FD10 | 0x0013E310 | - |
| None | 0x00000165 | 0x1400F6130 | 0x0013FD18 | 0x0013E318 | - |
CRYPT32.dll (118)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptFindOIDInfo | - | 0x1400F52F8 | 0x0013EEE0 | 0x0013D4E0 | 0x00000092 |
| CertGetCertificateContextProperty | - | 0x1400F5300 | 0x0013EEE8 | 0x0013D4E8 | 0x00000046 |
| CertFindExtension | - | 0x1400F5308 | 0x0013EEF0 | 0x0013D4F0 | 0x00000037 |
| CryptEncodeObjectEx | - | 0x1400F5310 | 0x0013EEF8 | 0x0013D4F8 | 0x00000087 |
| CertFreeCertificateContext | - | 0x1400F5318 | 0x0013EF00 | 0x0013D500 | 0x00000040 |
| CertCloseStore | - | 0x1400F5320 | 0x0013EF08 | 0x0013D508 | 0x00000012 |
| CertDuplicateCertificateContext | - | 0x1400F5328 | 0x0013EF10 | 0x0013D510 | 0x00000025 |
| CertEnumCRLsInStore | - | 0x1400F5330 | 0x0013EF18 | 0x0013D518 | 0x00000028 |
| CertFreeCRLContext | - | 0x1400F5338 | 0x0013EF20 | 0x0013D520 | 0x0000003B |
| CertCreateCRLContext | - | 0x1400F5340 | 0x0013EF28 | 0x0013D528 | 0x00000018 |
| PFXExportCertStoreEx | - | 0x1400F5348 | 0x0013EF30 | 0x0013D530 | 0x00000120 |
| PFXExportCertStore | - | 0x1400F5350 | 0x0013EF38 | 0x0013D538 | 0x0000011E |
| CryptFreeOIDFunctionAddress | - | 0x1400F5358 | 0x0013EF40 | 0x0013D540 | 0x00000094 |
| CryptGetOIDFunctionAddress | - | 0x1400F5360 | 0x0013EF48 | 0x0013D548 | 0x0000009B |
| CryptInitOIDFunctionSet | - | 0x1400F5368 | 0x0013EF50 | 0x0013D550 | 0x000000A6 |
| CertNameToStrW | - | 0x1400F5370 | 0x0013EF58 | 0x0013D558 | 0x00000056 |
| CertStrToNameW | - | 0x1400F5378 | 0x0013EF60 | 0x0013D560 | 0x00000070 |
| CryptFormatObject | - | 0x1400F5380 | 0x0013EF68 | 0x0013D568 | 0x00000093 |
| CryptDecryptMessage | - | 0x1400F5388 | 0x0013EF70 | 0x0013D570 | 0x00000085 |
| CryptEncryptMessage | - | 0x1400F5390 | 0x0013EF78 | 0x0013D578 | 0x00000088 |
| CryptSignMessage | - | 0x1400F5398 | 0x0013EF80 | 0x0013D580 | 0x000000DC |
| CertAddCertificateLinkToStore | - | 0x1400F53A0 | 0x0013EF88 | 0x0013D588 | 0x00000005 |
| CertGetIntendedKeyUsage | - | 0x1400F53A8 | 0x0013EF90 | 0x0013D590 | 0x00000048 |
| CryptHashPublicKeyInfo | - | 0x1400F53B0 | 0x0013EF98 | 0x0013D598 | 0x000000A0 |
| CryptSignCertificate | - | 0x1400F53B8 | 0x0013EFA0 | 0x0013D5A0 | 0x000000DB |
| CryptExportPublicKeyInfoEx | - | 0x1400F53C0 | 0x0013EFA8 | 0x0013D5A8 | 0x0000008E |
| CryptMsgOpenToDecode | - | 0x1400F53C8 | 0x0013EFB0 | 0x0013D5B0 | 0x000000B6 |
| CryptStringToBinaryW | - | 0x1400F53D0 | 0x0013EFB8 | 0x0013D5B8 | 0x000000DF |
| CryptSignAndEncodeCertificate | - | 0x1400F53D8 | 0x0013EFC0 | 0x0013D5C0 | 0x000000D9 |
| CryptImportPublicKeyInfoEx2 | - | 0x1400F53E0 | 0x0013EFC8 | 0x0013D5C8 | 0x000000A5 |
| CertDuplicateStore | - | 0x1400F53E8 | 0x0013EFD0 | 0x0013D5D0 | 0x00000026 |
| CryptMsgUpdate | - | 0x1400F53F0 | 0x0013EFD8 | 0x0013D5D8 | 0x000000B9 |
| CryptMsgOpenToEncode | - | 0x1400F53F8 | 0x0013EFE0 | 0x0013D5E0 | 0x000000B7 |
| CertOpenServerOcspResponse | - | 0x1400F5400 | 0x0013EFE8 | 0x0013D5E8 | 0x00000058 |
| I_CryptWalkAllLruCacheEntries | - | 0x1400F5408 | 0x0013EFF0 | 0x0013D5F0 | 0x0000011C |
| I_CryptRemoveLruEntry | - | 0x1400F5410 | 0x0013EFF8 | 0x0013D5F8 | 0x00000116 |
| I_CryptGetLruEntryData | - | 0x1400F5418 | 0x0013F000 | 0x0013D600 | 0x0000010C |
| I_CryptFindLruEntry | - | 0x1400F5420 | 0x0013F008 | 0x0013D608 | 0x00000101 |
| I_CryptReleaseLruEntry | - | 0x1400F5428 | 0x0013F010 | 0x0013D610 | 0x00000115 |
| I_CryptInsertLruEntry | - | 0x1400F5430 | 0x0013F018 | 0x0013D618 | 0x00000110 |
| I_CryptCreateLruEntry | - | 0x1400F5438 | 0x0013F020 | 0x0013D620 | 0x000000FC |
| CertCloseServerOcspResponse | - | 0x1400F5440 | 0x0013F028 | 0x0013D628 | 0x00000011 |
| I_CryptFreeLruCache | - | 0x1400F5448 | 0x0013F030 | 0x0013D630 | 0x00000105 |
| I_CryptCreateLruCache | - | 0x1400F5450 | 0x0013F038 | 0x0013D638 | 0x000000FB |
| CryptMsgEncodeAndSignCTL | - | 0x1400F5458 | 0x0013F040 | 0x0013D640 | 0x000000B3 |
| CertGetNameStringA | - | 0x1400F5460 | 0x0013F048 | 0x0013D648 | 0x0000004A |
| CertSetCertificateContextPropertiesFromCTLEntry | - | 0x1400F5468 | 0x0013F050 | 0x0013D650 | 0x0000006B |
| CertCreateContext | - | 0x1400F5470 | 0x0013F058 | 0x0013D658 | 0x0000001D |
| I_CertProtectFunction | - | 0x1400F5478 | 0x0013F060 | 0x0013D660 | 0x000000F3 |
| CertAddStoreToCollection | - | 0x1400F5480 | 0x0013F068 | 0x0013D668 | 0x0000000F |
| CertVerifyCertificateChainPolicy | - | 0x1400F5488 | 0x0013F070 | 0x0013D670 | 0x00000076 |
| CryptMemFree | - | 0x1400F5490 | 0x0013F078 | 0x0013D678 | 0x000000AB |
| CertVerifySubjectCertificateContext | - | 0x1400F5498 | 0x0013F080 | 0x0013D680 | 0x00000078 |
| CryptVerifyCertificateSignatureEx | - | 0x1400F54A0 | 0x0013F088 | 0x0013D688 | 0x000000E8 |
| CertGetEnhancedKeyUsage | - | 0x1400F54A8 | 0x0013F090 | 0x0013D690 | 0x00000047 |
| CertVerifyCRLTimeValidity | - | 0x1400F54B0 | 0x0013F098 | 0x0013D698 | 0x00000074 |
| CertVerifyRevocation | - | 0x1400F54B8 | 0x0013F0A0 | 0x0013D6A0 | 0x00000077 |
| CertVerifyTimeValidity | - | 0x1400F54C0 | 0x0013F0A8 | 0x0013D6A8 | 0x00000079 |
| CryptVerifyCertificateSignature | - | 0x1400F54C8 | 0x0013F0B0 | 0x0013D6B0 | 0x000000E7 |
| CryptEnumKeyIdentifierProperties | - | 0x1400F54D0 | 0x0013F0B8 | 0x0013D6B8 | 0x00000089 |
| CryptImportPublicKeyInfo | - | 0x1400F54D8 | 0x0013F0C0 | 0x0013D6C0 | 0x000000A3 |
| CertDuplicateCRLContext | - | 0x1400F54E0 | 0x0013F0C8 | 0x0013D6C8 | 0x00000022 |
| CertDeleteCRLFromStore | - | 0x1400F54E8 | 0x0013F0D0 | 0x0013D6D0 | 0x0000001F |
| CertCreateCTLContext | - | 0x1400F54F0 | 0x0013F0D8 | 0x0013D6D8 | 0x00000019 |
| CertAddCTLContextToStore | - | 0x1400F54F8 | 0x0013F0E0 | 0x0013D6E0 | 0x00000002 |
| CertAddCRLContextToStore | - | 0x1400F5500 | 0x0013F0E8 | 0x0013D6E8 | 0x00000000 |
| CertEnumSystemStore | - | 0x1400F5508 | 0x0013F0F0 | 0x0013D6F0 | 0x0000002F |
| CertEnumSystemStoreLocation | - | 0x1400F5510 | 0x0013F0F8 | 0x0013D6F8 | 0x00000030 |
| CertEnumPhysicalStore | - | 0x1400F5518 | 0x0013F100 | 0x0013D700 | 0x0000002D |
| CertControlStore | - | 0x1400F5520 | 0x0013F108 | 0x0013D708 | 0x00000017 |
| CertSaveStore | - | 0x1400F5528 | 0x0013F110 | 0x0013D710 | 0x00000064 |
| CryptFindLocalizedName | - | 0x1400F5530 | 0x0013F118 | 0x0013D718 | 0x00000091 |
| CertAddSerializedElementToStore | - | 0x1400F5538 | 0x0013F120 | 0x0013D720 | 0x0000000E |
| CertAddEncodedCTLToStore | - | 0x1400F5540 | 0x0013F128 | 0x0013D728 | 0x00000007 |
| CertAddEncodedCRLToStore | - | 0x1400F5548 | 0x0013F130 | 0x0013D730 | 0x00000006 |
| CertAddEncodedCertificateToStore | - | 0x1400F5550 | 0x0013F138 | 0x0013D738 | 0x00000008 |
| CertFreeCTLContext | - | 0x1400F5558 | 0x0013F140 | 0x0013D740 | 0x0000003C |
| CertSetCTLContextProperty | - | 0x1400F5560 | 0x0013F148 | 0x0013D748 | 0x0000006A |
| CertSetCRLContextProperty | - | 0x1400F5568 | 0x0013F150 | 0x0013D750 | 0x00000069 |
| CryptFindCertificateKeyProvInfo | - | 0x1400F5570 | 0x0013F158 | 0x0013D758 | 0x00000090 |
| CryptAcquireCertificatePrivateKey | - | 0x1400F5578 | 0x0013F160 | 0x0013D760 | 0x0000007B |
| CertEnumCertificateContextProperties | - | 0x1400F5580 | 0x0013F168 | 0x0013D768 | 0x0000002B |
| CertGetCRLContextProperty | - | 0x1400F5588 | 0x0013F170 | 0x0013D770 | 0x00000042 |
| CertEnumCRLContextProperties | - | 0x1400F5590 | 0x0013F178 | 0x0013D778 | 0x00000027 |
| CertGetCTLContextProperty | - | 0x1400F5598 | 0x0013F180 | 0x0013D780 | 0x00000044 |
| CertEnumCTLContextProperties | - | 0x1400F55A0 | 0x0013F188 | 0x0013D788 | 0x00000029 |
| CertSetStoreProperty | - | 0x1400F55A8 | 0x0013F190 | 0x0013D790 | 0x0000006E |
| CertFreeCertificateChain | - | 0x1400F55B0 | 0x0013F198 | 0x0013D798 | 0x0000003D |
| CertGetCertificateChain | - | 0x1400F55B8 | 0x0013F1A0 | 0x0013D7A0 | 0x00000045 |
| CertComparePublicKeyInfo | - | 0x1400F55C0 | 0x0013F1A8 | 0x0013D7A8 | 0x00000016 |
| CryptExportPublicKeyInfo | - | 0x1400F55C8 | 0x0013F1B0 | 0x0013D7B0 | 0x0000008D |
| CertEnumCTLsInStore | - | 0x1400F55D0 | 0x0013F1B8 | 0x0013D7B8 | 0x0000002A |
| CertDeleteCertificateFromStore | - | 0x1400F55D8 | 0x0013F1C0 | 0x0013D7C0 | 0x00000021 |
| CertGetNameStringW | - | 0x1400F55E0 | 0x0013F1C8 | 0x0013D7C8 | 0x0000004B |
| CryptDecodeObjectEx | - | 0x1400F55E8 | 0x0013F1D0 | 0x0013D7D0 | 0x00000083 |
| CryptQueryObject | - | 0x1400F55F0 | 0x0013F1D8 | 0x0013D7D8 | 0x000000C5 |
| CryptMsgGetParam | - | 0x1400F55F8 | 0x0013F1E0 | 0x0013D7E0 | 0x000000B5 |
| CryptMsgGetAndVerifySigner | - | 0x1400F5600 | 0x0013F1E8 | 0x0013D7E8 | 0x000000B4 |
| CryptMsgControl | - | 0x1400F5608 | 0x0013F1F0 | 0x0013D7F0 | 0x000000AF |
| CertFindCertificateInStore | - | 0x1400F5610 | 0x0013F1F8 | 0x0013D7F8 | 0x00000035 |
| CertEnumCertificatesInStore | - | 0x1400F5618 | 0x0013F200 | 0x0013D800 | 0x0000002C |
| PFXIsPFXBlob | - | 0x1400F5620 | 0x0013F208 | 0x0013D808 | 0x00000122 |
| PFXImportCertStore | - | 0x1400F5628 | 0x0013F210 | 0x0013D810 | 0x00000121 |
| CryptImportPKCS8 | - | 0x1400F5630 | 0x0013F218 | 0x0013D818 | 0x000000A2 |
| CertGetPublicKeyLength | - | 0x1400F5638 | 0x0013F220 | 0x0013D820 | 0x0000004C |
| CryptMsgClose | - | 0x1400F5640 | 0x0013F228 | 0x0013D828 | 0x000000AE |
| CertAddCertificateContextToStore | - | 0x1400F5648 | 0x0013F230 | 0x0013D830 | 0x00000004 |
| CertSetCertificateContextProperty | - | 0x1400F5650 | 0x0013F238 | 0x0013D838 | 0x0000006C |
| CertOpenStore | - | 0x1400F5658 | 0x0013F240 | 0x0013D840 | 0x00000059 |
| CryptGetKeyIdentifierProperty | - | 0x1400F5660 | 0x0013F248 | 0x0013D848 | 0x00000098 |
| CertFindAttribute | - | 0x1400F5668 | 0x0013F250 | 0x0013D850 | 0x00000031 |
| CryptHashCertificate2 | - | 0x1400F5670 | 0x0013F258 | 0x0013D858 | 0x0000009E |
| CryptHashCertificate | - | 0x1400F5678 | 0x0013F260 | 0x0013D860 | 0x0000009D |
| CertCompareCertificateName | - | 0x1400F5680 | 0x0013F268 | 0x0013D868 | 0x00000014 |
| CryptDecodeObject | - | 0x1400F5688 | 0x0013F270 | 0x0013D870 | 0x00000082 |
| CryptRegisterOIDInfo | - | 0x1400F5690 | 0x0013F278 | 0x0013D878 | 0x000000C8 |
| CertCreateCertificateContext | - | 0x1400F5698 | 0x0013F280 | 0x0013D880 | 0x0000001C |
| CryptEnumOIDInfo | - | 0x1400F56A0 | 0x0013F288 | 0x0013D888 | 0x0000008B |
Cabinet.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| None | 0x00000016 | 0x1400F56D0 | 0x0013F2B8 | 0x0013D8B8 | - |
| None | 0x00000015 | 0x1400F56D8 | 0x0013F2C0 | 0x0013D8C0 | - |
| None | 0x00000014 | 0x1400F56E0 | 0x0013F2C8 | 0x0013D8C8 | - |
| None | 0x00000017 | 0x1400F56E8 | 0x0013F2D0 | 0x0013D8D0 | - |
COMCTL32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| InitCommonControlsEx | - | 0x1400F52E8 | 0x0013EED0 | 0x0013D4D0 | 0x0000007C |
CRYPTUI.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CryptUIDlgViewCRLW | - | 0x1400F56B0 | 0x0013F298 | 0x0013D898 | 0x00000016 |
| CryptUIDlgFreeCAContext | - | 0x1400F56B8 | 0x0013F2A0 | 0x0013D8A0 | 0x0000000B |
| CryptUIDlgViewCertificateW | - | 0x1400F56C0 | 0x0013F2A8 | 0x0013D8A8 | 0x0000001C |
GDI32.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetStockObject | - | 0x1400F56F8 | 0x0013F2E0 | 0x0013D8E0 | 0x0000026D |
ncrypt.dll (49)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NCryptIsKeyHandle | - | 0x1400F64B0 | 0x00140098 | 0x0013E698 | 0x00000050 |
| NCryptFreeObject | - | 0x1400F64B8 | 0x001400A0 | 0x0013E6A0 | 0x0000004B |
| NCryptOpenStorageProvider | - | 0x1400F64C0 | 0x001400A8 | 0x0013E6A8 | 0x00000055 |
| NCryptImportKey | - | 0x1400F64C8 | 0x001400B0 | 0x0013E6B0 | 0x0000004E |
| NCryptSetProperty | - | 0x1400F64D0 | 0x001400B8 | 0x0013E6B8 | 0x0000005C |
| NCryptFinalizeKey | - | 0x1400F64D8 | 0x001400C0 | 0x0013E6C0 | 0x00000049 |
| BCryptSetProperty | - | 0x1400F64E0 | 0x001400C8 | 0x0013E6C8 | 0x00000033 |
| BCryptGetProperty | - | 0x1400F64E8 | 0x001400D0 | 0x0013E6D0 | 0x00000020 |
| BCryptDestroyKey | - | 0x1400F64F0 | 0x001400D8 | 0x0013E6D8 | 0x0000000D |
| BCryptCloseAlgorithmProvider | - | 0x1400F64F8 | 0x001400E0 | 0x0013E6E0 | 0x00000002 |
| SslEnumProtocolProviders | - | 0x1400F6500 | 0x001400E8 | 0x0013E6E8 | 0x00000075 |
| SslOpenProvider | - | 0x1400F6508 | 0x001400F0 | 0x0013E6F0 | 0x00000087 |
| SslFreeBuffer | - | 0x1400F6510 | 0x001400F8 | 0x0013E6F8 | 0x00000078 |
| SslFreeObject | - | 0x1400F6518 | 0x00140100 | 0x0013E700 | 0x00000079 |
| NCryptGetProperty | - | 0x1400F6520 | 0x00140108 | 0x0013E708 | 0x0000004C |
| BCryptFreeBuffer | - | 0x1400F6528 | 0x00140110 | 0x0013E710 | 0x0000001B |
| BCryptOpenAlgorithmProvider | - | 0x1400F6530 | 0x00140118 | 0x0013E718 | 0x00000026 |
| BCryptCreateHash | - | 0x1400F6538 | 0x00140120 | 0x0013E720 | 0x00000006 |
| BCryptHashData | - | 0x1400F6540 | 0x00140128 | 0x0013E728 | 0x00000022 |
| BCryptFinishHash | - | 0x1400F6548 | 0x00140130 | 0x0013E730 | 0x0000001A |
| BCryptDestroyHash | - | 0x1400F6550 | 0x00140138 | 0x0013E738 | 0x0000000C |
| BCryptDecrypt | - | 0x1400F6558 | 0x00140140 | 0x0013E740 | 0x00000007 |
| BCryptEncrypt | - | 0x1400F6560 | 0x00140148 | 0x0013E748 | 0x00000011 |
| BCryptExportKey | - | 0x1400F6568 | 0x00140150 | 0x0013E750 | 0x00000018 |
| BCryptGenRandom | - | 0x1400F6570 | 0x00140158 | 0x0013E758 | 0x0000001C |
| BCryptSignHash | - | 0x1400F6578 | 0x00140160 | 0x0013E760 | 0x00000034 |
| BCryptVerifySignature | - | 0x1400F6580 | 0x00140168 | 0x0013E768 | 0x00000037 |
| NCryptCreatePersistedKey | - | 0x1400F6588 | 0x00140170 | 0x0013E770 | 0x0000003E |
| NCryptDecrypt | - | 0x1400F6590 | 0x00140178 | 0x0013E778 | 0x00000040 |
| NCryptDeleteKey | - | 0x1400F6598 | 0x00140180 | 0x0013E780 | 0x00000041 |
| NCryptDeriveKey | - | 0x1400F65A0 | 0x00140188 | 0x0013E788 | 0x00000042 |
| NCryptEncrypt | - | 0x1400F65A8 | 0x00140190 | 0x0013E790 | 0x00000044 |
| NCryptExportKey | - | 0x1400F65B0 | 0x00140198 | 0x0013E798 | 0x00000048 |
| NCryptOpenKey | - | 0x1400F65B8 | 0x001401A0 | 0x0013E7A0 | 0x00000053 |
| NCryptSecretAgreement | - | 0x1400F65C0 | 0x001401A8 | 0x0013E7A8 | 0x0000005A |
| NCryptSignHash | - | 0x1400F65C8 | 0x001401B0 | 0x0013E7B0 | 0x0000005D |
| NCryptVerifySignature | - | 0x1400F65D0 | 0x001401B8 | 0x0013E7B8 | 0x00000067 |
| NCryptEnumAlgorithms | - | 0x1400F65D8 | 0x001401C0 | 0x0013E7C0 | 0x00000045 |
| NCryptIsAlgSupported | - | 0x1400F65E0 | 0x001401C8 | 0x0013E7C8 | 0x0000004F |
| NCryptEnumKeys | - | 0x1400F65E8 | 0x001401D0 | 0x0013E7D0 | 0x00000046 |
| NCryptEnumStorageProviders | - | 0x1400F65F0 | 0x001401D8 | 0x0013E7D8 | 0x00000047 |
| NCryptFreeBuffer | - | 0x1400F65F8 | 0x001401E0 | 0x0013E7E0 | 0x0000004A |
| BCryptEnumAlgorithms | - | 0x1400F6600 | 0x001401E8 | 0x0013E7E8 | 0x00000012 |
| BCryptGenerateKeyPair | - | 0x1400F6608 | 0x001401F0 | 0x0013E7F0 | 0x0000001D |
| BCryptQueryProviderRegistration | - | 0x1400F6610 | 0x001401F8 | 0x0013E7F8 | 0x0000002A |
| BCryptEnumContexts | - | 0x1400F6618 | 0x00140200 | 0x0013E800 | 0x00000015 |
| BCryptQueryContextConfiguration | - | 0x1400F6620 | 0x00140208 | 0x0013E808 | 0x00000027 |
| BCryptEnumContextFunctions | - | 0x1400F6628 | 0x00140210 | 0x0013E810 | 0x00000014 |
| BCryptResolveProviders | - | 0x1400F6630 | 0x00140218 | 0x0013E818 | 0x0000002F |
NETAPI32.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DsGetSiteNameW | - | 0x1400F5B00 | 0x0013F6E8 | 0x0013DCE8 | 0x0000001B |
| NetApiBufferFree | - | 0x1400F5B08 | 0x0013F6F0 | 0x0013DCF0 | 0x00000059 |
| NetUserGetGroups | - | 0x1400F5B10 | 0x0013F6F8 | 0x0013DCF8 | 0x000000F6 |
| DsRoleGetPrimaryDomainInformation | - | 0x1400F5B18 | 0x0013F700 | 0x0013DD00 | 0x0000001E |
| DsRoleFreeMemory | - | 0x1400F5B20 | 0x0013F708 | 0x0013DD08 | 0x0000001D |
| DsGetDcNameW | - | 0x1400F5B28 | 0x0013F710 | 0x0013DD10 | 0x00000010 |
Normaliz.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| IdnToAscii | - | 0x1400F5B70 | 0x0013F758 | 0x0013DD58 | 0x00000000 |
| IdnToUnicode | - | 0x1400F5B78 | 0x0013F760 | 0x0013DD60 | 0x00000002 |
ntdll.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RtlTimeToSecondsSince1970 | - | 0x1400F6640 | 0x00140228 | 0x0013E828 | 0x0000054C |
| NtQuerySystemTime | - | 0x1400F6648 | 0x00140230 | 0x0013E830 | 0x000001D9 |
| WinSqmIncrementDWORD | - | 0x1400F6650 | 0x00140238 | 0x0013E838 | 0x00000635 |
| RtlCaptureContext | - | 0x1400F6658 | 0x00140240 | 0x0013E840 | 0x000002C9 |
| RtlLookupFunctionEntry | - | 0x1400F6660 | 0x00140248 | 0x0013E848 | 0x0000047B |
| RtlVirtualUnwind | - | 0x1400F6668 | 0x00140250 | 0x0013E850 | 0x0000058F |
NTDSAPI.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DsFreeNameResultW | - | 0x1400F5B38 | 0x0013F720 | 0x0013DD20 | 0x00000024 |
| DsUnBindW | - | 0x1400F5B40 | 0x0013F728 | 0x0013DD28 | 0x00000074 |
| DsCrackNamesW | - | 0x1400F5B48 | 0x0013F730 | 0x0013DD30 | 0x00000014 |
| DsGetDomainControllerInfoW | - | 0x1400F5B50 | 0x0013F738 | 0x0013DD38 | 0x00000032 |
| DsFreeDomainControllerInfoW | - | 0x1400F5B58 | 0x0013F740 | 0x0013DD40 | 0x00000021 |
| DsBindW | - | 0x1400F5B60 | 0x0013F748 | 0x0013DD48 | 0x00000008 |
SETUPAPI.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetupOpenInfFileW | - | 0x1400F5C60 | 0x0013F848 | 0x0013DE48 | 0x00000209 |
| SetupFindFirstLineW | - | 0x1400F5C68 | 0x0013F850 | 0x0013DE50 | 0x000001BF |
| SetupGetFieldCount | - | 0x1400F5C70 | 0x0013F858 | 0x0013DE58 | 0x000001C8 |
| SetupFindNextLine | - | 0x1400F5C78 | 0x0013F860 | 0x0013DE60 | 0x000001C0 |
| SetupGetStringFieldW | - | 0x1400F5C80 | 0x0013F868 | 0x0013DE68 | 0x000001E9 |
| SetupCloseInfFile | - | 0x1400F5C88 | 0x0013F870 | 0x0013DE70 | 0x00000107 |
| SetupGetIntField | - | 0x1400F5C90 | 0x0013F878 | 0x0013DE78 | 0x000001D8 |
| SetupGetLineCountW | - | 0x1400F5C98 | 0x0013F880 | 0x0013DE80 | 0x000001DC |
SHELL32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SHGetFolderPathW | - | 0x1400F5CA8 | 0x0013F890 | 0x0013DE90 | 0x00000157 |
| SHGetKnownFolderPath | - | 0x1400F5CB0 | 0x0013F898 | 0x0013DE98 | 0x00000161 |
VERSION.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileVersionInfoW | - | 0x1400F5E00 | 0x0013F9E8 | 0x0013DFE8 | 0x00000008 |
| GetFileVersionInfoSizeW | - | 0x1400F5E08 | 0x0013F9F0 | 0x0013DFF0 | 0x00000007 |
| VerQueryValueW | - | 0x1400F5E10 | 0x0013F9F8 | 0x0013DFF8 | 0x00000010 |
WLDAP32.dll (27)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| None | 0x00000010 | 0x1400F5E20 | 0x0013FA08 | 0x0013E008 | - |
| None | 0x0000000C | 0x1400F5E28 | 0x0013FA10 | 0x0013E010 | - |
| None | 0x00000012 | 0x1400F5E30 | 0x0013FA18 | 0x0013E018 | - |
| None | 0x0000000E | 0x1400F5E38 | 0x0013FA20 | 0x0013E020 | - |
| None | 0x00000071 | 0x1400F5E40 | 0x0013FA28 | 0x0013E028 | - |
| None | 0x0000008C | 0x1400F5E48 | 0x0013FA30 | 0x0013E030 | - |
| None | 0x000000E0 | 0x1400F5E50 | 0x0013FA38 | 0x0013E038 | - |
| None | 0x0000008E | 0x1400F5E58 | 0x0013FA40 | 0x0013E040 | - |
| None | 0x0000004F | 0x1400F5E60 | 0x0013FA48 | 0x0013E048 | - |
| None | 0x0000007F | 0x1400F5E68 | 0x0013FA50 | 0x0013E050 | - |
| None | 0x000000A7 | 0x1400F5E70 | 0x0013FA58 | 0x0013E058 | - |
| None | 0x00000093 | 0x1400F5E78 | 0x0013FA60 | 0x0013E060 | - |
| None | 0x000000CE | 0x1400F5E80 | 0x0013FA68 | 0x0013E068 | - |
| None | 0x00000087 | 0x1400F5E88 | 0x0013FA70 | 0x0013E070 | - |
| None | 0x000000CB | 0x1400F5E90 | 0x0013FA78 | 0x0013E078 | - |
| None | 0x00000024 | 0x1400F5E98 | 0x0013FA80 | 0x0013E080 | - |
| None | 0x0000001A | 0x1400F5EA0 | 0x0013FA88 | 0x0013E088 | - |
| None | 0x0000001B | 0x1400F5EA8 | 0x0013FA90 | 0x0013E090 | - |
| None | 0x000000BF | 0x1400F5EB0 | 0x0013FA98 | 0x0013E098 | - |
| None | 0x00000029 | 0x1400F5EB8 | 0x0013FAA0 | 0x0013E0A0 | - |
| None | 0x00000041 | 0x1400F5EC0 | 0x0013FAA8 | 0x0013E0A8 | - |
| None | 0x0000009B | 0x1400F5EC8 | 0x0013FAB0 | 0x0013E0B0 | - |
| None | 0x000000D2 | 0x1400F5ED0 | 0x0013FAB8 | 0x0013E0B8 | - |
| None | 0x0000000D | 0x1400F5ED8 | 0x0013FAC0 | 0x0013E0C0 | - |
| None | 0x00000091 | 0x1400F5EE0 | 0x0013FAC8 | 0x0013E0C8 | - |
| None | 0x00000049 | 0x1400F5EE8 | 0x0013FAD0 | 0x0013E0D0 | - |
| None | 0x000000D0 | 0x1400F5EF0 | 0x0013FAD8 | 0x0013E0D8 | - |
ole32.dll (14)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoTaskMemFree | - | 0x1400F6678 | 0x00140260 | 0x0013E860 | 0x0000008C |
| CoInitialize | - | 0x1400F6680 | 0x00140268 | 0x0013E868 | 0x00000060 |
| CoUninitialize | - | 0x1400F6688 | 0x00140270 | 0x0013E870 | 0x00000090 |
| CoInitializeEx | - | 0x1400F6690 | 0x00140278 | 0x0013E878 | 0x00000061 |
| CoCreateInstance | - | 0x1400F6698 | 0x00140280 | 0x0013E880 | 0x0000002B |
| CLSIDFromString | - | 0x1400F66A0 | 0x00140288 | 0x0013E888 | 0x00000010 |
| CLSIDFromProgID | - | 0x1400F66A8 | 0x00140290 | 0x0013E890 | 0x0000000E |
| StringFromCLSID | - | 0x1400F66B0 | 0x00140298 | 0x0013E898 | 0x0000020A |
| ProgIDFromCLSID | - | 0x1400F66B8 | 0x001402A0 | 0x0013E8A0 | 0x000001C9 |
| CoTaskMemAlloc | - | 0x1400F66C0 | 0x001402A8 | 0x0013E8A8 | 0x0000008B |
| CoCreateInstanceEx | - | 0x1400F66C8 | 0x001402B0 | 0x0013E8B0 | 0x0000002C |
| CoSetProxyBlanket | - | 0x1400F66D0 | 0x001402B8 | 0x0013E8B8 | 0x00000087 |
| StgOpenStorageEx | - | 0x1400F66D8 | 0x001402C0 | 0x0013E8C0 | 0x00000205 |
| PropVariantClear | - | 0x1400F66E0 | 0x001402C8 | 0x0013E8C8 | 0x000001CE |
OLEAUT32.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SysStringLen | 0x00000007 | 0x1400F5B88 | 0x0013F770 | 0x0013DD70 | - |
| VariantCopyInd | 0x0000000B | 0x1400F5B90 | 0x0013F778 | 0x0013DD78 | - |
| CreateErrorInfo | 0x000000CA | 0x1400F5B98 | 0x0013F780 | 0x0013DD80 | - |
| SystemTimeToVariantTime | 0x000000B8 | 0x1400F5BA0 | 0x0013F788 | 0x0013DD88 | - |
| VariantTimeToSystemTime | 0x000000B9 | 0x1400F5BA8 | 0x0013F790 | 0x0013DD90 | - |
| SysAllocStringByteLen | 0x00000096 | 0x1400F5BB0 | 0x0013F798 | 0x0013DD98 | - |
| SafeArrayDestroy | 0x00000010 | 0x1400F5BB8 | 0x0013F7A0 | 0x0013DDA0 | - |
| SafeArrayGetDim | 0x00000011 | 0x1400F5BC0 | 0x0013F7A8 | 0x0013DDA8 | - |
| SafeArrayGetLBound | 0x00000014 | 0x1400F5BC8 | 0x0013F7B0 | 0x0013DDB0 | - |
| SafeArrayGetUBound | 0x00000013 | 0x1400F5BD0 | 0x0013F7B8 | 0x0013DDB8 | - |
| SafeArrayAccessData | 0x00000017 | 0x1400F5BD8 | 0x0013F7C0 | 0x0013DDC0 | - |
| SafeArrayGetElement | 0x00000019 | 0x1400F5BE0 | 0x0013F7C8 | 0x0013DDC8 | - |
| SysFreeString | 0x00000006 | 0x1400F5BE8 | 0x0013F7D0 | 0x0013DDD0 | - |
| SafeArrayUnaccessData | 0x00000018 | 0x1400F5BF0 | 0x0013F7D8 | 0x0013DDD8 | - |
| SysStringByteLen | 0x00000095 | 0x1400F5BF8 | 0x0013F7E0 | 0x0013DDE0 | - |
| VariantInit | 0x00000008 | 0x1400F5C00 | 0x0013F7E8 | 0x0013DDE8 | - |
| VariantClear | 0x00000009 | 0x1400F5C08 | 0x0013F7F0 | 0x0013DDF0 | - |
| SysAllocString | 0x00000002 | 0x1400F5C10 | 0x0013F7F8 | 0x0013DDF8 | - |
| SysAllocStringLen | 0x00000004 | 0x1400F5C18 | 0x0013F800 | 0x0013DE00 | - |
| SafeArrayPutElement | 0x0000001A | 0x1400F5C20 | 0x0013F808 | 0x0013DE08 | - |
| SafeArrayCreate | 0x0000000F | 0x1400F5C28 | 0x0013F810 | 0x0013DE10 | - |
| SetErrorInfo | 0x000000C9 | 0x1400F5C30 | 0x0013F818 | 0x0013DE18 | - |
RPCRT4.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NdrClientCall3 | - | 0x1400F5C40 | 0x0013F828 | 0x0013DE28 | 0x0000009D |
| I_RpcExceptionFilter | - | 0x1400F5C48 | 0x0013F830 | 0x0013DE30 | 0x0000002E |
| UuidCreate | - | 0x1400F5C50 | 0x0013F838 | 0x0013DE38 | 0x00000215 |
Secur32.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TranslateNameW | - | 0x1400F5CC0 | 0x0013F8A8 | 0x0013DEA8 | 0x00000062 |
| GetUserNameExW | - | 0x1400F5CC8 | 0x0013F8B0 | 0x0013DEB0 | 0x0000001D |
| GetComputerObjectNameW | - | 0x1400F5CD0 | 0x0013F8B8 | 0x0013DEB8 | 0x0000001A |
USER32.dll (35)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SendDlgItemMessageA | - | 0x1400F5CE0 | 0x0013F8C8 | 0x0013DEC8 | 0x000002DB |
| CheckDlgButton | - | 0x1400F5CE8 | 0x0013F8D0 | 0x0013DED0 | 0x0000003E |
| ShowWindow | - | 0x1400F5CF0 | 0x0013F8D8 | 0x0013DED8 | 0x0000034E |
| SetFocus | - | 0x1400F5CF8 | 0x0013F8E0 | 0x0013DEE0 | 0x00000300 |
| SetWindowLongPtrW | - | 0x1400F5D00 | 0x0013F8E8 | 0x0013DEE8 | 0x0000033A |
| UpdateWindow | - | 0x1400F5D08 | 0x0013F8F0 | 0x0013DEF0 | 0x00000386 |
| LoadStringW | - | 0x1400F5D10 | 0x0013F8F8 | 0x0013DEF8 | 0x00000243 |
| PostQuitMessage | - | 0x1400F5D18 | 0x0013F900 | 0x0013DF00 | 0x00000284 |
| DefWindowProcW | - | 0x1400F5D20 | 0x0013F908 | 0x0013DF08 | 0x000000A2 |
| CharLowerW | - | 0x1400F5D28 | 0x0013F910 | 0x0013DF10 | 0x0000002E |
| RegisterClassW | - | 0x1400F5D30 | 0x0013F918 | 0x0013DF18 | 0x000002AE |
| CreateWindowExW | - | 0x1400F5D38 | 0x0013F920 | 0x0013DF20 | 0x00000071 |
| EnableWindow | - | 0x1400F5D40 | 0x0013F928 | 0x0013DF28 | 0x000000E6 |
| GetMessageW | - | 0x1400F5D48 | 0x0013F930 | 0x0013DF30 | 0x00000178 |
| TranslateMessage | - | 0x1400F5D50 | 0x0013F938 | 0x0013DF38 | 0x0000036D |
| SetDlgItemInt | - | 0x1400F5D58 | 0x0013F940 | 0x0013DF40 | 0x000002FB |
| EndDialog | - | 0x1400F5D60 | 0x0013F948 | 0x0013DF48 | 0x000000E9 |
| GetDlgItemInt | - | 0x1400F5D68 | 0x0013F950 | 0x0013DF50 | 0x00000141 |
| IsDlgButtonChecked | - | 0x1400F5D70 | 0x0013F958 | 0x0013DF58 | 0x00000210 |
| GetDlgItemTextW | - | 0x1400F5D78 | 0x0013F960 | 0x0013DF60 | 0x00000143 |
| DialogBoxParamW | - | 0x1400F5D80 | 0x0013F968 | 0x0013DF68 | 0x000000B3 |
| SetWindowTextW | - | 0x1400F5D88 | 0x0013F970 | 0x0013DF70 | 0x00000342 |
| DispatchMessageW | - | 0x1400F5D90 | 0x0013F978 | 0x0013DF78 | 0x000000B6 |
| GetDlgItem | - | 0x1400F5D98 | 0x0013F980 | 0x0013DF80 | 0x00000140 |
| SetDlgItemTextW | - | 0x1400F5DA0 | 0x0013F988 | 0x0013DF88 | 0x000002FD |
| LoadCursorW | - | 0x1400F5DA8 | 0x0013F990 | 0x0013DF90 | 0x00000234 |
| GetDesktopWindow | - | 0x1400F5DB0 | 0x0013F998 | 0x0013DF98 | 0x0000013B |
| MessageBoxW | - | 0x1400F5DB8 | 0x0013F9A0 | 0x0013DFA0 | 0x00000260 |
| SendMessageW | - | 0x1400F5DC0 | 0x0013F9A8 | 0x0013DFA8 | 0x000002E5 |
| PostMessageW | - | 0x1400F5DC8 | 0x0013F9B0 | 0x0013DFB0 | 0x00000283 |
| SetCursor | - | 0x1400F5DD0 | 0x0013F9B8 | 0x0013DFB8 | 0x000002F4 |
| GetWindowTextW | - | 0x1400F5DD8 | 0x0013F9C0 | 0x0013DFC0 | 0x000001DB |
| CallWindowProcW | - | 0x1400F5DE0 | 0x0013F9C8 | 0x0013DFC8 | 0x0000001E |
| LoadIconW | - | 0x1400F5DE8 | 0x0013F9D0 | 0x0013DFD0 | 0x00000236 |
| GetWindowLongPtrW | - | 0x1400F5DF0 | 0x0013F9D8 | 0x0013DFD8 | 0x000001CD |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| kn.exe | 7 | 0x7FF6834B0000 | 0x7FF683611FFF | Relevant Image |
|
64-bit | 0x7FF68359B5D0 |
|
...
|
| kn.exe | 7 | 0x7FF6834B0000 | 0x7FF683611FFF | Process Termination |
|
64-bit | - |
|
...
|
| kn.exe | 9 | 0x7FF6834B0000 | 0x7FF683611FFF | Relevant Image |
|
64-bit | 0x7FF6834F6520 |
|
...
|
| kn.exe | 9 | 0x7FF6834B0000 | 0x7FF683611FFF | Process Termination |
|
64-bit | - |
|
...
|
| C:\Users\Public\alpha.exe | Dropped File | Binary |
Suspicious
Known to be clean.
|
...
|
»
| Also Known As |
\??\C:\Users\Public\alpha.exe (Accessed File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 228.50 KB |
| MD5 |
41e25e514d90e9c8bc570484dbaff62b
|
| SHA1 |
9d41d484b79570b3040909689259d52b24bf6d21
|
| SHA256 |
e6c49f7ce186dc4c9da2c393469b070c0f1b95a01d281ae2b89538da453d1583
|
| SSDeep |
6144:vn8GCkGN3yN8FgrGNyne+UV+xlOb9tt+m:v8GCkY3X9Nyn7Uob09X+
|
| ImpHash |
e9af55cda7f5be2d9801d2640ab396fd
|
File Reputation Information
»
| Verdict |
Clean
Known to be clean.
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x1400153F0 |
| Size Of Code | 0x00026400 |
| Size Of Initialized Data | 0x0002EA00 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2015-10-30 02:34 (UTC) |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Windows Command Processor |
| FileVersion | 10.0.10586.0 (th2_release.151029-1700) |
| InternalName | cmd |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | Cmd.Exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.10586.0 |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x000262B8 | 0x00026400 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.41 |
| .rdata | 0x140028000 | 0x00007C3C | 0x00007E00 | 0x00026800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.93 |
| .data | 0x140030000 | 0x0001C1D0 | 0x00000200 | 0x0002E600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.24 |
| .pdata | 0x14004D000 | 0x00001F20 | 0x00002000 | 0x0002E800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.34 |
| .didat | 0x14004F000 | 0x00000080 | 0x00000200 | 0x00030800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.92 |
| .rsrc | 0x140050000 | 0x00008460 | 0x00008600 | 0x00030A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.32 |
| .reloc | 0x140059000 | 0x0000012C | 0x00000200 | 0x00039000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 3.53 |
Imports (31)
»
msvcrt.dll (69)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| _amsg_exit | - | 0x140028588 | 0x0002E418 | 0x0002CC18 | 0x000000AE |
| _XcptFilter | - | 0x140028590 | 0x0002E420 | 0x0002CC20 | 0x00000055 |
| calloc | - | 0x140028598 | 0x0002E428 | 0x0002CC28 | 0x00000425 |
| free | - | 0x1400285A0 | 0x0002E430 | 0x0002CC30 | 0x0000044C |
| _wcslwr | - | 0x1400285A8 | 0x0002E438 | 0x0002CC38 | 0x0000038E |
| qsort | - | 0x1400285B0 | 0x0002E440 | 0x0002CC40 | 0x000004A4 |
| _dup2 | - | 0x1400285B8 | 0x0002E448 | 0x0002CC48 | 0x000000FE |
| _dup | - | 0x1400285C0 | 0x0002E450 | 0x0002CC50 | 0x000000FD |
| _close | - | 0x1400285C8 | 0x0002E458 | 0x0002CC58 | 0x000000D0 |
| swscanf | - | 0x1400285D0 | 0x0002E460 | 0x0002CC60 | 0x000004DD |
| _ultoa | - | 0x1400285D8 | 0x0002E468 | 0x0002CC68 | 0x00000338 |
| _pipe | - | 0x1400285E0 | 0x0002E470 | 0x0002CC70 | 0x00000298 |
| wcsncmp | - | 0x1400285E8 | 0x0002E478 | 0x0002CC78 | 0x0000050B |
| _setmode | - | 0x1400285F0 | 0x0002E480 | 0x0002CC80 | 0x000002C8 |
| exit | - | 0x1400285F8 | 0x0002E488 | 0x0002CC88 | 0x00000432 |
| iswxdigit | - | 0x140028600 | 0x0002E490 | 0x0002CC90 | 0x0000047A |
| time | - | 0x140028608 | 0x0002E498 | 0x0002CC98 | 0x000004E4 |
| srand | - | 0x140028610 | 0x0002E4A0 | 0x0002CCA0 | 0x000004BC |
| memset | - | 0x140028618 | 0x0002E4A8 | 0x0002CCA8 | 0x00000496 |
| _wtol | - | 0x140028620 | 0x0002E4B0 | 0x0002CCB0 | 0x00000409 |
| fflush | - | 0x140028628 | 0x0002E4B8 | 0x0002CCB8 | 0x00000439 |
| wcsstr | - | 0x140028630 | 0x0002E4C0 | 0x0002CCC0 | 0x00000514 |
| iswalpha | - | 0x140028638 | 0x0002E4C8 | 0x0002CCC8 | 0x0000046F |
| wcstoul | - | 0x140028640 | 0x0002E4D0 | 0x0002CCD0 | 0x0000051B |
| __set_app_type | - | 0x140028648 | 0x0002E4D8 | 0x0002CCD8 | 0x0000008E |
| _exit | - | 0x140028650 | 0x0002E4E0 | 0x0002CCE0 | 0x0000010E |
| _errno | - | 0x140028658 | 0x0002E4E8 | 0x0002CCE8 | 0x00000105 |
| rand | - | 0x140028660 | 0x0002E4F0 | 0x0002CCF0 | 0x000004A7 |
| memcpy | - | 0x140028668 | 0x0002E4F8 | 0x0002CCF8 | 0x00000492 |
| _initterm | - | 0x140028670 | 0x0002E500 | 0x0002CD00 | 0x0000017D |
| fprintf | - | 0x140028678 | 0x0002E508 | 0x0002CD08 | 0x00000445 |
| wcsrchr | - | 0x140028680 | 0x0002E510 | 0x0002CD10 | 0x00000510 |
| realloc | - | 0x140028688 | 0x0002E518 | 0x0002CD18 | 0x000004A9 |
| towlower | - | 0x140028690 | 0x0002E520 | 0x0002CD20 | 0x000004EB |
| setlocale | - | 0x140028698 | 0x0002E528 | 0x0002CD28 | 0x000004B1 |
| memcmp | - | 0x1400286A0 | 0x0002E530 | 0x0002CD30 | 0x00000491 |
| _wcsupr | - | 0x1400286A8 | 0x0002E538 | 0x0002CD38 | 0x000003A6 |
| iswdigit | - | 0x1400286B0 | 0x0002E540 | 0x0002CD40 | 0x00000473 |
| _wcsicmp | - | 0x1400286B8 | 0x0002E548 | 0x0002CD48 | 0x0000038A |
| _setjmp | - | 0x1400286C0 | 0x0002E550 | 0x0002CD50 | 0x000002C4 |
| iswspace | - | 0x1400286C8 | 0x0002E558 | 0x0002CD58 | 0x00000478 |
| _local_unwind | - | 0x1400286D0 | 0x0002E560 | 0x0002CD60 | 0x000001E1 |
| _cexit | - | 0x1400286D8 | 0x0002E568 | 0x0002CD68 | 0x000000C1 |
| wcschr | - | 0x1400286E0 | 0x0002E570 | 0x0002CD70 | 0x00000501 |
| memmove | - | 0x1400286E8 | 0x0002E578 | 0x0002CD78 | 0x00000494 |
| fgets | - | 0x1400286F0 | 0x0002E580 | 0x0002CD80 | 0x0000043C |
| _pclose | - | 0x1400286F8 | 0x0002E588 | 0x0002CD88 | 0x00000295 |
| ferror | - | 0x140028700 | 0x0002E590 | 0x0002CD90 | 0x00000438 |
| feof | - | 0x140028708 | 0x0002E598 | 0x0002CD98 | 0x00000437 |
| _wpopen | - | 0x140028710 | 0x0002E5A0 | 0x0002CDA0 | 0x000003DB |
| _wcsnicmp | - | 0x140028718 | 0x0002E5A8 | 0x0002CDA8 | 0x00000394 |
| _vsnwprintf | - | 0x140028720 | 0x0002E5B0 | 0x0002CDB0 | 0x00000369 |
| wcstol | - | 0x140028728 | 0x0002E5B8 | 0x0002CDB8 | 0x00000518 |
| __getmainargs | - | 0x140028730 | 0x0002E5C0 | 0x0002CDC0 | 0x0000007F |
| ?terminate@@YAXXZ | - | 0x140028738 | 0x0002E5C8 | 0x0002CDC8 | 0x0000002F |
| _get_osfhandle | - | 0x140028740 | 0x0002E5D0 | 0x0002CDD0 | 0x00000155 |
| __C_specific_handler | - | 0x140028748 | 0x0002E5D8 | 0x0002CDD8 | 0x00000057 |
| _getch | - | 0x140028750 | 0x0002E5E0 | 0x0002CDE0 | 0x00000160 |
| __iob_func | - | 0x140028758 | 0x0002E5E8 | 0x0002CDE8 | 0x00000081 |
| towupper | - | 0x140028760 | 0x0002E5F0 | 0x0002CDF0 | 0x000004EC |
| wcsspn | - | 0x140028768 | 0x0002E5F8 | 0x0002CDF8 | 0x00000513 |
| _tell | - | 0x140028770 | 0x0002E600 | 0x0002CE00 | 0x00000325 |
| longjmp | - | 0x140028778 | 0x0002E608 | 0x0002CE08 | 0x00000485 |
| __setusermatherr | - | 0x140028780 | 0x0002E610 | 0x0002CE10 | 0x00000090 |
| _commode | - | 0x140028788 | 0x0002E618 | 0x0002CE18 | 0x000000D2 |
| printf | - | 0x140028790 | 0x0002E620 | 0x0002CE20 | 0x0000049D |
| _fmode | - | 0x140028798 | 0x0002E628 | 0x0002CE28 | 0x00000127 |
| _open_osfhandle | - | 0x1400287A0 | 0x0002E630 | 0x0002CE30 | 0x00000292 |
| wcscmp | - | 0x1400287A8 | 0x0002E638 | 0x0002CE38 | 0x00000502 |
ntdll.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RtlVirtualUnwind | - | 0x1400287B8 | 0x0002E648 | 0x0002CE48 | 0x0000058F |
| RtlLookupFunctionEntry | - | 0x1400287C0 | 0x0002E650 | 0x0002CE50 | 0x0000047B |
| RtlCaptureContext | - | 0x1400287C8 | 0x0002E658 | 0x0002CE58 | 0x000002C9 |
| NtOpenThreadToken | - | 0x1400287D0 | 0x0002E660 | 0x0002CE60 | 0x00000199 |
| NtClose | - | 0x1400287D8 | 0x0002E668 | 0x0002CE68 | 0x000000EE |
| NtOpenProcessToken | - | 0x1400287E0 | 0x0002E670 | 0x0002CE70 | 0x00000191 |
| NtQueryInformationToken | - | 0x1400287E8 | 0x0002E678 | 0x0002CE78 | 0x000001BF |
| RtlFreeHeap | - | 0x1400287F0 | 0x0002E680 | 0x0002CE80 | 0x000003AE |
| NtFsControlFile | - | 0x1400287F8 | 0x0002E688 | 0x0002CE88 | 0x00000151 |
| RtlDosPathNameToNtPathName_U | - | 0x140028800 | 0x0002E690 | 0x0002CE90 | 0x0000035D |
| RtlFindLeastSignificantBit | - | 0x140028808 | 0x0002E698 | 0x0002CE98 | 0x0000039A |
| RtlFreeUnicodeString | - | 0x140028810 | 0x0002E6A0 | 0x0002CEA0 | 0x000003B3 |
| RtlReleaseRelativeName | - | 0x140028818 | 0x0002E6A8 | 0x0002CEA8 | 0x000004E4 |
| NtOpenFile | - | 0x140028820 | 0x0002E6B0 | 0x0002CEB0 | 0x00000184 |
| RtlDosPathNameToRelativeNtPathName_U_WithStatus | - | 0x140028828 | 0x0002E6B8 | 0x0002CEB8 | 0x00000360 |
| NtSetInformationFile | - | 0x140028830 | 0x0002E6C0 | 0x0002CEC0 | 0x00000220 |
| NtQueryVolumeInformationFile | - | 0x140028838 | 0x0002E6C8 | 0x0002CEC8 | 0x000001DE |
| NtSetInformationProcess | - | 0x140028840 | 0x0002E6D0 | 0x0002CED0 | 0x00000224 |
| NtQueryInformationProcess | - | 0x140028848 | 0x0002E6D8 | 0x0002CED8 | 0x000001BC |
| RtlNtStatusToDosError | - | 0x140028850 | 0x0002E6E0 | 0x0002CEE0 | 0x0000048E |
| NtCancelSynchronousIoFile | - | 0x140028858 | 0x0002E6E8 | 0x0002CEE8 | 0x000000E9 |
| RtlCreateUnicodeStringFromAsciiz | - | 0x140028860 | 0x0002E6F0 | 0x0002CEF0 | 0x0000031F |
api-ms-win-core-kernel32-legacy-l1-1-1.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CopyFileW | - | 0x140028288 | 0x0002E118 | 0x0002C918 | 0x00000006 |
api-ms-win-core-memory-l1-1-2.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| VirtualAlloc | - | 0x140028300 | 0x0002E190 | 0x0002C990 | 0x00000021 |
| VirtualQuery | - | 0x140028308 | 0x0002E198 | 0x0002C998 | 0x0000002B |
| ReadProcessMemory | - | 0x140028310 | 0x0002E1A0 | 0x0002C9A0 | 0x00000017 |
| VirtualFree | - | 0x140028318 | 0x0002E1A8 | 0x0002C9A8 | 0x00000025 |
api-ms-win-core-localization-l1-2-1.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FormatMessageW | - | 0x1400282C0 | 0x0002E150 | 0x0002C950 | 0x00000008 |
| SetThreadLocale | - | 0x1400282C8 | 0x0002E158 | 0x0002C958 | 0x00000038 |
| GetThreadLocale | - | 0x1400282D0 | 0x0002E160 | 0x0002C960 | 0x0000001C |
| GetLocaleInfoW | - | 0x1400282D8 | 0x0002E168 | 0x0002C968 | 0x00000013 |
| GetUserDefaultLCID | - | 0x1400282E0 | 0x0002E170 | 0x0002C970 | 0x00000020 |
| GetCPInfo | - | 0x1400282E8 | 0x0002E178 | 0x0002C978 | 0x0000000A |
| GetACP | - | 0x1400282F0 | 0x0002E180 | 0x0002C980 | 0x00000009 |
api-ms-win-core-console-l1-1-0.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WriteConsoleW | - | 0x140028010 | 0x0002DEA0 | 0x0002C6A0 | 0x0000000D |
| SetConsoleMode | - | 0x140028018 | 0x0002DEA8 | 0x0002C6A8 | 0x0000000B |
| GetConsoleMode | - | 0x140028020 | 0x0002DEB0 | 0x0002C6B0 | 0x00000002 |
| GetConsoleOutputCP | - | 0x140028028 | 0x0002DEB8 | 0x0002C6B8 | 0x00000003 |
| SetConsoleCtrlHandler | - | 0x140028030 | 0x0002DEC0 | 0x0002C6C0 | 0x0000000A |
| ReadConsoleW | - | 0x140028038 | 0x0002DEC8 | 0x0002C6C8 | 0x00000009 |
api-ms-win-core-libraryloader-l1-2-0.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetProcAddress | - | 0x140028298 | 0x0002E128 | 0x0002C928 | 0x00000014 |
| GetModuleHandleW | - | 0x1400282A0 | 0x0002E130 | 0x0002C930 | 0x00000013 |
| GetModuleFileNameW | - | 0x1400282A8 | 0x0002E138 | 0x0002C938 | 0x0000000F |
| LoadLibraryExW | - | 0x1400282B0 | 0x0002E140 | 0x0002C940 | 0x00000017 |
api-ms-win-core-file-l1-2-1.dll (27)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetFileAttributesW | - | 0x1400280F8 | 0x0002DF88 | 0x0002C788 | 0x0000002A |
| RemoveDirectoryW | - | 0x140028100 | 0x0002DF90 | 0x0002C790 | 0x0000004B |
| CompareFileTime | - | 0x140028108 | 0x0002DF98 | 0x0002C798 | 0x00000001 |
| SetFileTime | - | 0x140028110 | 0x0002DFA0 | 0x0002C7A0 | 0x00000055 |
| DeleteFileW | - | 0x140028118 | 0x0002DFA8 | 0x0002C7A8 | 0x00000009 |
| SetEndOfFile | - | 0x140028120 | 0x0002DFB0 | 0x0002C7B0 | 0x0000004C |
| SetFileAttributesW | - | 0x140028128 | 0x0002DFB8 | 0x0002C7B8 | 0x00000050 |
| CreateDirectoryW | - | 0x140028130 | 0x0002DFC0 | 0x0002C7C0 | 0x00000003 |
| GetFileType | - | 0x140028138 | 0x0002DFC8 | 0x0002C7C8 | 0x0000002F |
| FindFirstFileW | - | 0x140028140 | 0x0002DFD0 | 0x0002C7D0 | 0x00000014 |
| GetDiskFreeSpaceExW | - | 0x140028148 | 0x0002DFD8 | 0x0002C7D8 | 0x00000023 |
| FindNextFileW | - | 0x140028150 | 0x0002DFE0 | 0x0002C7E0 | 0x0000001A |
| FindClose | - | 0x140028158 | 0x0002DFE8 | 0x0002C7E8 | 0x0000000C |
| FlushFileBuffers | - | 0x140028160 | 0x0002DFF0 | 0x0002C7F0 | 0x0000001E |
| FindFirstFileExW | - | 0x140028168 | 0x0002DFF8 | 0x0002C7F8 | 0x00000012 |
| CreateFileW | - | 0x140028170 | 0x0002E000 | 0x0002C800 | 0x00000006 |
| WriteFile | - | 0x140028178 | 0x0002E008 | 0x0002C808 | 0x00000059 |
| FileTimeToLocalFileTime | - | 0x140028180 | 0x0002E010 | 0x0002C810 | 0x0000000B |
| SetFilePointer | - | 0x140028188 | 0x0002E018 | 0x0002C818 | 0x00000053 |
| GetFileSize | - | 0x140028190 | 0x0002E020 | 0x0002C820 | 0x0000002C |
| GetFullPathNameW | - | 0x140028198 | 0x0002E028 | 0x0002C828 | 0x00000033 |
| GetFileAttributesExW | - | 0x1400281A0 | 0x0002E030 | 0x0002C830 | 0x00000029 |
| GetDriveTypeW | - | 0x1400281A8 | 0x0002E038 | 0x0002C838 | 0x00000026 |
| ReadFile | - | 0x1400281B0 | 0x0002E040 | 0x0002C840 | 0x00000047 |
| GetVolumePathNameW | - | 0x1400281B8 | 0x0002E048 | 0x0002C848 | 0x00000041 |
| SetFilePointerEx | - | 0x1400281C0 | 0x0002E050 | 0x0002C850 | 0x00000054 |
| GetVolumeInformationW | - | 0x1400281C8 | 0x0002E058 | 0x0002C858 | 0x0000003F |
api-ms-win-core-errorhandling-l1-1-1.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetUnhandledExceptionFilter | - | 0x1400280C8 | 0x0002DF58 | 0x0002C758 | 0x0000000F |
| SetErrorMode | - | 0x1400280D0 | 0x0002DF60 | 0x0002C760 | 0x0000000C |
| UnhandledExceptionFilter | - | 0x1400280D8 | 0x0002DF68 | 0x0002C768 | 0x00000011 |
| GetLastError | - | 0x1400280E0 | 0x0002DF70 | 0x0002C770 | 0x00000005 |
| SetLastError | - | 0x1400280E8 | 0x0002DF78 | 0x0002C778 | 0x0000000D |
api-ms-win-core-handle-l1-1-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CloseHandle | - | 0x140028208 | 0x0002E098 | 0x0002C898 | 0x00000000 |
| DuplicateHandle | - | 0x140028210 | 0x0002E0A0 | 0x0002C8A0 | 0x00000002 |
api-ms-win-core-string-l1-1-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| MultiByteToWideChar | - | 0x140028478 | 0x0002E308 | 0x0002CB08 | 0x00000006 |
| WideCharToMultiByte | - | 0x140028480 | 0x0002E310 | 0x0002CB10 | 0x00000007 |
api-ms-win-core-processenvironment-l1-2-0.dll (12)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SearchPathW | - | 0x140028328 | 0x0002E1B8 | 0x0002C9B8 | 0x00000010 |
| GetCurrentDirectoryW | - | 0x140028330 | 0x0002E1C0 | 0x0002C9C0 | 0x00000007 |
| NeedCurrentDirectoryForExePathW | - | 0x140028338 | 0x0002E1C8 | 0x0002C9C8 | 0x0000000E |
| GetStdHandle | - | 0x140028340 | 0x0002E1D0 | 0x0002C9D0 | 0x0000000C |
| GetCommandLineW | - | 0x140028348 | 0x0002E1D8 | 0x0002C9D8 | 0x00000005 |
| GetEnvironmentVariableW | - | 0x140028350 | 0x0002E1E0 | 0x0002C9E0 | 0x0000000B |
| GetEnvironmentStringsW | - | 0x140028358 | 0x0002E1E8 | 0x0002C9E8 | 0x00000009 |
| ExpandEnvironmentStringsW | - | 0x140028360 | 0x0002E1F0 | 0x0002C9F0 | 0x00000001 |
| SetEnvironmentStringsW | - | 0x140028368 | 0x0002E1F8 | 0x0002C9F8 | 0x00000013 |
| SetCurrentDirectoryW | - | 0x140028370 | 0x0002E200 | 0x0002CA00 | 0x00000012 |
| SetEnvironmentVariableW | - | 0x140028378 | 0x0002E208 | 0x0002CA08 | 0x00000015 |
| FreeEnvironmentStringsW | - | 0x140028380 | 0x0002E210 | 0x0002CA10 | 0x00000003 |
api-ms-win-core-console-l2-1-0.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FlushConsoleInputBuffer | - | 0x140028048 | 0x0002DED8 | 0x0002C6D8 | 0x00000005 |
| GetConsoleTitleW | - | 0x140028050 | 0x0002DEE0 | 0x0002C6E0 | 0x0000000B |
| SetConsoleCursorPosition | - | 0x140028058 | 0x0002DEE8 | 0x0002C6E8 | 0x00000018 |
| ScrollConsoleScreenBufferW | - | 0x140028060 | 0x0002DEF0 | 0x0002C6F0 | 0x00000014 |
| FillConsoleOutputCharacterW | - | 0x140028068 | 0x0002DEF8 | 0x0002C6F8 | 0x00000004 |
| FillConsoleOutputAttribute | - | 0x140028070 | 0x0002DF00 | 0x0002C700 | 0x00000002 |
| SetConsoleTitleW | - | 0x140028078 | 0x0002DF08 | 0x0002C708 | 0x0000001D |
| GetConsoleScreenBufferInfo | - | 0x140028080 | 0x0002DF10 | 0x0002C710 | 0x00000009 |
| SetConsoleTextAttribute | - | 0x140028088 | 0x0002DF18 | 0x0002C718 | 0x0000001C |
api-ms-win-core-heap-l1-2-0.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| HeapReAlloc | - | 0x140028220 | 0x0002E0B0 | 0x0002C8B0 | 0x00000009 |
| HeapSize | - | 0x140028228 | 0x0002E0B8 | 0x0002C8B8 | 0x0000000B |
| HeapFree | - | 0x140028230 | 0x0002E0C0 | 0x0002C8C0 | 0x00000006 |
| HeapAlloc | - | 0x140028238 | 0x0002E0C8 | 0x0002C8C8 | 0x00000002 |
| HeapSetInformation | - | 0x140028240 | 0x0002E0D0 | 0x0002C8D0 | 0x0000000A |
| GetProcessHeap | - | 0x140028248 | 0x0002E0D8 | 0x0002C8D8 | 0x00000000 |
api-ms-win-security-base-l1-2-0.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RevertToSelf | - | 0x140028568 | 0x0002E3F8 | 0x0002CBF8 | 0x00000057 |
| GetSecurityDescriptorOwner | - | 0x140028570 | 0x0002E400 | 0x0002CC00 | 0x00000039 |
| GetFileSecurityW | - | 0x140028578 | 0x0002E408 | 0x0002CC08 | 0x00000031 |
api-ms-win-core-synch-l1-2-0.dll (9)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| EnterCriticalSection | - | 0x1400284A8 | 0x0002E338 | 0x0002CB38 | 0x00000011 |
| InitializeCriticalSection | - | 0x1400284B0 | 0x0002E340 | 0x0002CB40 | 0x00000018 |
| ReleaseSRWLockShared | - | 0x1400284B8 | 0x0002E348 | 0x0002CB48 | 0x00000025 |
| LeaveCriticalSection | - | 0x1400284C0 | 0x0002E350 | 0x0002CB50 | 0x0000001D |
| ReleaseSRWLockExclusive | - | 0x1400284C8 | 0x0002E358 | 0x0002CB58 | 0x00000024 |
| WaitForSingleObject | - | 0x1400284D0 | 0x0002E360 | 0x0002CB60 | 0x00000036 |
| Sleep | - | 0x1400284D8 | 0x0002E368 | 0x0002CB68 | 0x0000002D |
| AcquireSRWLockShared | - | 0x1400284E0 | 0x0002E370 | 0x0002CB70 | 0x00000001 |
| TryAcquireSRWLockExclusive | - | 0x1400284E8 | 0x0002E378 | 0x0002CB78 | 0x00000031 |
api-ms-win-core-sysinfo-l1-2-1.dll (7)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetLocalTime | - | 0x1400284F8 | 0x0002E388 | 0x0002CB88 | 0x00000005 |
| GetVersion | - | 0x140028500 | 0x0002E390 | 0x0002CB90 | 0x0000001A |
| SetLocalTime | - | 0x140028508 | 0x0002E398 | 0x0002CB98 | 0x00000026 |
| GetSystemTimeAsFileTime | - | 0x140028510 | 0x0002E3A0 | 0x0002CBA0 | 0x00000014 |
| GetWindowsDirectoryW | - | 0x140028518 | 0x0002E3A8 | 0x0002CBA8 | 0x0000001E |
| GetTickCount | - | 0x140028520 | 0x0002E3B0 | 0x0002CBB0 | 0x00000018 |
| GetSystemTime | - | 0x140028528 | 0x0002E3B8 | 0x0002CBB8 | 0x00000012 |
api-ms-win-core-timezone-l1-1-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| FileTimeToSystemTime | - | 0x140028550 | 0x0002E3E0 | 0x0002CBE0 | 0x00000001 |
| SystemTimeToFileTime | - | 0x140028558 | 0x0002E3E8 | 0x0002CBE8 | 0x00000008 |
api-ms-win-core-datetime-l1-1-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetDateFormatW | - | 0x140028098 | 0x0002DF28 | 0x0002C728 | 0x00000002 |
| GetTimeFormatW | - | 0x1400280A0 | 0x0002DF30 | 0x0002C730 | 0x00000006 |
api-ms-win-core-systemtopology-l1-1-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetNumaHighestNodeNumber | - | 0x140028538 | 0x0002E3C8 | 0x0002CBC8 | 0x00000000 |
| GetNumaNodeProcessorMaskEx | - | 0x140028540 | 0x0002E3D0 | 0x0002CBD0 | 0x00000001 |
api-ms-win-core-processthreads-l1-1-2.dll (13)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TerminateProcess | - | 0x140028390 | 0x0002E220 | 0x0002CA20 | 0x0000004B |
| GetExitCodeProcess | - | 0x140028398 | 0x0002E228 | 0x0002CA28 | 0x00000013 |
| GetCurrentThreadId | - | 0x1400283A0 | 0x0002E230 | 0x0002CA30 | 0x00000011 |
| OpenThread | - | 0x1400283A8 | 0x0002E238 | 0x0002CA38 | 0x00000031 |
| GetCurrentProcess | - | 0x1400283B0 | 0x0002E240 | 0x0002CA40 | 0x0000000C |
| GetCurrentProcessId | - | 0x1400283B8 | 0x0002E248 | 0x0002CA48 | 0x0000000D |
| CreateProcessW | - | 0x1400283C0 | 0x0002E250 | 0x0002CA50 | 0x00000003 |
| CreateProcessAsUserW | - | 0x1400283C8 | 0x0002E258 | 0x0002CA58 | 0x00000002 |
| UpdateProcThreadAttribute | - | 0x1400283D0 | 0x0002E260 | 0x0002CA60 | 0x00000051 |
| ResumeThread | - | 0x1400283D8 | 0x0002E268 | 0x0002CA68 | 0x00000037 |
| DeleteProcThreadAttributeList | - | 0x1400283E0 | 0x0002E270 | 0x0002CA70 | 0x00000007 |
| InitializeProcThreadAttributeList | - | 0x1400283E8 | 0x0002E278 | 0x0002CA78 | 0x0000002C |
| GetStartupInfoW | - | 0x1400283F0 | 0x0002E280 | 0x0002CA80 | 0x00000020 |
api-ms-win-core-registry-l1-1-0.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RegEnumKeyExW | - | 0x140028430 | 0x0002E2C0 | 0x0002CAC0 | 0x0000000E |
| RegCreateKeyExW | - | 0x140028438 | 0x0002E2C8 | 0x0002CAC8 | 0x00000003 |
| RegQueryValueExW | - | 0x140028440 | 0x0002E2D0 | 0x0002CAD0 | 0x00000023 |
| RegCloseKey | - | 0x140028448 | 0x0002E2D8 | 0x0002CAD8 | 0x00000000 |
| RegSetValueExW | - | 0x140028450 | 0x0002E2E0 | 0x0002CAE0 | 0x0000002C |
| RegDeleteValueW | - | 0x140028458 | 0x0002E2E8 | 0x0002CAE8 | 0x0000000B |
| RegDeleteKeyExW | - | 0x140028460 | 0x0002E2F0 | 0x0002CAF0 | 0x00000005 |
| RegOpenKeyExW | - | 0x140028468 | 0x0002E2F8 | 0x0002CAF8 | 0x0000001E |
api-ms-win-core-file-l2-1-1.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CreateHardLinkW | - | 0x1400281D8 | 0x0002E068 | 0x0002C868 | 0x00000005 |
| GetFileInformationByHandleEx | - | 0x1400281E0 | 0x0002E070 | 0x0002C870 | 0x00000007 |
| CreateSymbolicLinkW | - | 0x1400281E8 | 0x0002E078 | 0x0002C878 | 0x00000006 |
| MoveFileWithProgressW | - | 0x1400281F0 | 0x0002E080 | 0x0002C880 | 0x00000009 |
| MoveFileExW | - | 0x1400281F8 | 0x0002E088 | 0x0002C888 | 0x00000008 |
api-ms-win-core-heap-l2-1-0.dll (3)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GlobalAlloc | - | 0x140028258 | 0x0002E0E8 | 0x0002C8E8 | 0x00000000 |
| GlobalFree | - | 0x140028260 | 0x0002E0F0 | 0x0002C8F0 | 0x00000001 |
| LocalFree | - | 0x140028268 | 0x0002E0F8 | 0x0002C8F8 | 0x00000003 |
api-ms-win-core-io-l1-1-1.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| DeviceIoControl | - | 0x140028278 | 0x0002E108 | 0x0002C908 | 0x00000004 |
api-ms-win-core-processtopology-l1-2-0.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetThreadGroupAffinity | - | 0x140028400 | 0x0002E290 | 0x0002CA90 | 0x00000001 |
api-ms-win-core-profile-l1-1-0.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| QueryPerformanceCounter | - | 0x140028420 | 0x0002E2B0 | 0x0002CAB0 | 0x00000000 |
api-ms-win-core-string-obsolete-l1-1-0.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| lstrcmpiW | - | 0x140028490 | 0x0002E320 | 0x0002CB20 | 0x00000005 |
| lstrcmpW | - | 0x140028498 | 0x0002E328 | 0x0002CB28 | 0x00000003 |
api-ms-win-core-processtopology-obsolete-l1-1-0.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SetProcessAffinityMask | - | 0x140028410 | 0x0002E2A0 | 0x0002CAA0 | 0x00000003 |
api-ms-win-core-apiquery-l1-1-0.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ApiSetQueryApiSetPresence | - | 0x140028000 | 0x0002DE90 | 0x0002C690 | 0x00000000 |
api-ms-win-core-delayload-l1-1-1.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ResolveDelayLoadedAPI | - | 0x1400280B0 | 0x0002DF40 | 0x0002C740 | 0x00000001 |
| DelayLoadFailureHook | - | 0x1400280B8 | 0x0002DF48 | 0x0002C748 | 0x00000000 |
Memory Dumps (10)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| alpha.exe | 4 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Relevant Image |
|
64-bit | 0x7FF79EF94E44 |
|
...
|
| alpha.exe | 4 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Process Termination |
|
64-bit | - |
|
...
|
| alpha.exe | 6 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Relevant Image |
|
64-bit | 0x7FF79EF9D694 |
|
...
|
| alpha.exe | 6 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Process Termination |
|
64-bit | - |
|
...
|
| alpha.exe | 8 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Relevant Image |
|
64-bit | 0x7FF79EF9FE00 |
|
...
|
| alpha.exe | 8 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Process Termination |
|
64-bit | - |
|
...
|
| alpha.exe | 11 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Relevant Image |
|
64-bit | 0x7FF79EF9FE00 |
|
...
|
| alpha.exe | 11 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Process Termination |
|
64-bit | - |
|
...
|
| alpha.exe | 12 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Relevant Image |
|
64-bit | 0x7FF79EF9B4A2 |
|
...
|
| alpha.exe | 12 | 0x7FF79EF90000 | 0x7FF79EFE9FFF | Process Termination |
|
64-bit | - |
|
...
|
| \??\C:\Users\Public\Libraries\easinvoker.exe | Dropped File | Binary |
Clean
Known to be clean.
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 128.56 KB |
| MD5 |
231ce1e1d7d98b44371ffff407d68b59
|
| SHA1 |
25510d0f6353dbf0c9f72fc880de7585e34b28ff
|
| SHA256 |
30951db8bfc21640645aa9144cfeaa294bb7c6980ef236d28552b6f4f3f92a96
|
| SSDeep |
3072:zar2xXibKcf5K67+k02XbFbosspwUUgcR:Nibl7+k02XZb9UA
|
| ImpHash |
ae602ececd2a94196c949ced947dec0b
|
File Reputation Information
»
| Verdict |
Clean
Known to be clean.
|
PE Information
»
| Image Base | 0x140000000 |
| Entry Point | 0x140019B20 |
| Size Of Code | 0x00019C00 |
| Size Of Initialized Data | 0x00004400 |
| Size Of Uninitialized Data | 0x00000200 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_AMD64 |
| Compile Timestamp | 2014-10-29 02:26 (UTC) |
Version Information (8)
»
| CompanyName | Microsoft Corporation |
| FileDescription | Exchange ActiveSync Invoker |
| FileVersion | 6.3.9600.17415 (winblue_r4.141028-1500) |
| InternalName | easinvoker.exe |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | easinvoker.exe |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 6.3.9600.17415 |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x140001000 | 0x00019B90 | 0x00019C00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.79 |
| .imrsiv | 0x14001B000 | 0x00000004 | 0x00000000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .data | 0x14001C000 | 0x00000CC0 | 0x00000600 | 0x0001A000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.72 |
| .pdata | 0x14001D000 | 0x000005F4 | 0x00000600 | 0x0001A600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.91 |
| .idata | 0x14001E000 | 0x0000171A | 0x00001800 | 0x0001AC00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.62 |
| .rsrc | 0x140020000 | 0x00000900 | 0x00000A00 | 0x0001C400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.25 |
| .reloc | 0x140021000 | 0x00000D34 | 0x00000E00 | 0x0001CE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 5.32 |
Imports (12)
»
ADVAPI32.dll (30)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TraceMessage | - | 0x14001E000 | 0x0001E618 | 0x0001B218 | 0x0000031F |
| RegGetValueW | - | 0x14001E008 | 0x0001E620 | 0x0001B220 | 0x0000027A |
| OpenProcessToken | - | 0x14001E010 | 0x0001E628 | 0x0001B228 | 0x00000212 |
| OpenThreadToken | - | 0x14001E018 | 0x0001E630 | 0x0001B230 | 0x00000217 |
| GetTokenInformation | - | 0x14001E020 | 0x0001E638 | 0x0001B238 | 0x0000016F |
| MakeAbsoluteSD | - | 0x14001E028 | 0x0001E640 | 0x0001B240 | 0x000001FB |
| ConvertStringSecurityDescriptorToSecurityDescriptorW | - | 0x14001E030 | 0x0001E648 | 0x0001B248 | 0x00000081 |
| ConvertSidToStringSidW | - | 0x14001E038 | 0x0001E650 | 0x0001B250 | 0x0000007B |
| GetTraceEnableFlags | - | 0x14001E040 | 0x0001E658 | 0x0001B258 | 0x00000170 |
| GetTraceLoggerHandle | - | 0x14001E048 | 0x0001E660 | 0x0001B260 | 0x00000172 |
| UnregisterTraceGuids | - | 0x14001E050 | 0x0001E668 | 0x0001B268 | 0x0000032C |
| GetTraceEnableLevel | - | 0x14001E058 | 0x0001E670 | 0x0001B270 | 0x00000171 |
| RegisterTraceGuidsW | - | 0x14001E060 | 0x0001E678 | 0x0001B278 | 0x000002AE |
| GetLengthSid | - | 0x14001E068 | 0x0001E680 | 0x0001B280 | 0x0000014A |
| CopySid | - | 0x14001E070 | 0x0001E688 | 0x0001B288 | 0x00000085 |
| CreateWellKnownSid | - | 0x14001E078 | 0x0001E690 | 0x0001B290 | 0x00000092 |
| GetSecurityDescriptorDacl | - | 0x14001E080 | 0x0001E698 | 0x0001B298 | 0x0000015C |
| RegOpenKeyExW | - | 0x14001E088 | 0x0001E6A0 | 0x0001B2A0 | 0x00000285 |
| RegCreateKeyExW | - | 0x14001E090 | 0x0001E6A8 | 0x0001B2A8 | 0x0000025D |
| RegCloseKey | - | 0x14001E098 | 0x0001E6B0 | 0x0001B2B0 | 0x00000254 |
| RegQueryInfoKeyW | - | 0x14001E0A0 | 0x0001E6B8 | 0x0001B2B8 | 0x0000028C |
| RegEnumValueW | - | 0x14001E0A8 | 0x0001E6C0 | 0x0001B2C0 | 0x00000276 |
| RegOpenKeyExA | - | 0x14001E0B0 | 0x0001E6C8 | 0x0001B2C8 | 0x00000284 |
| RegQueryValueExA | - | 0x14001E0B8 | 0x0001E6D0 | 0x0001B2D0 | 0x00000291 |
| RegDeleteValueW | - | 0x14001E0C0 | 0x0001E6D8 | 0x0001B2D8 | 0x0000026C |
| PrivilegeCheck | - | 0x14001E0C8 | 0x0001E6E0 | 0x0001B2E0 | 0x0000023A |
| CheckTokenMembership | - | 0x14001E0D0 | 0x0001E6E8 | 0x0001B2E8 | 0x0000005F |
| RegSetValueExW | - | 0x14001E0D8 | 0x0001E6F0 | 0x0001B2F0 | 0x000002A2 |
| EventUnregister | - | 0x14001E0E0 | 0x0001E6F8 | 0x0001B2F8 | 0x00000122 |
| EventRegister | - | 0x14001E0E8 | 0x0001E700 | 0x0001B300 | 0x00000120 |
KERNEL32.dll (29)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetModuleHandleW | - | 0x14001E130 | 0x0001E748 | 0x0001B348 | 0x0000026D |
| SetUnhandledExceptionFilter | - | 0x14001E138 | 0x0001E750 | 0x0001B350 | 0x00000552 |
| Sleep | - | 0x14001E140 | 0x0001E758 | 0x0001B358 | 0x00000561 |
| QueryPerformanceCounter | - | 0x14001E148 | 0x0001E760 | 0x0001B360 | 0x00000430 |
| GetCurrentProcessId | - | 0x14001E150 | 0x0001E768 | 0x0001B368 | 0x00000210 |
| GetCurrentThreadId | - | 0x14001E158 | 0x0001E770 | 0x0001B370 | 0x00000214 |
| GetSystemTimeAsFileTime | - | 0x14001E160 | 0x0001E778 | 0x0001B378 | 0x000002DD |
| GetTickCount | - | 0x14001E168 | 0x0001E780 | 0x0001B380 | 0x000002F9 |
| UnhandledExceptionFilter | - | 0x14001E170 | 0x0001E788 | 0x0001B388 | 0x00000592 |
| TerminateProcess | - | 0x14001E178 | 0x0001E790 | 0x0001B390 | 0x00000570 |
| LocalAlloc | - | 0x14001E180 | 0x0001E798 | 0x0001B398 | 0x000003B1 |
| FreeLibrary | - | 0x14001E188 | 0x0001E7A0 | 0x0001B3A0 | 0x000001A4 |
| LoadLibraryExW | - | 0x14001E190 | 0x0001E7A8 | 0x0001B3A8 | 0x000003AA |
| GetProcAddress | - | 0x14001E198 | 0x0001E7B0 | 0x0001B3B0 | 0x000002A4 |
| CreateFileW | - | 0x14001E1A0 | 0x0001E7B8 | 0x0001B3B8 | 0x000000C2 |
| GetSystemWindowsDirectoryW | - | 0x14001E1A8 | 0x0001E7C0 | 0x0001B3C0 | 0x000002E1 |
| HeapAlloc | - | 0x14001E1B0 | 0x0001E7C8 | 0x0001B3C8 | 0x00000338 |
| HeapFree | - | 0x14001E1B8 | 0x0001E7D0 | 0x0001B3D0 | 0x0000033C |
| GetProcessHeap | - | 0x14001E1C0 | 0x0001E7D8 | 0x0001B3D8 | 0x000002A9 |
| GetComputerNameExW | - | 0x14001E1C8 | 0x0001E7E0 | 0x0001B3E0 | 0x000001D6 |
| LocalFree | - | 0x14001E1D0 | 0x0001E7E8 | 0x0001B3E8 | 0x000003B5 |
| CloseHandle | - | 0x14001E1D8 | 0x0001E7F0 | 0x0001B3F0 | 0x0000007F |
| CreateEventW | - | 0x14001E1E0 | 0x0001E7F8 | 0x0001B3F8 | 0x000000B6 |
| GetLastError | - | 0x14001E1E8 | 0x0001E800 | 0x0001B400 | 0x00000256 |
| GetCurrentThread | - | 0x14001E1F0 | 0x0001E808 | 0x0001B408 | 0x00000213 |
| SetEvent | - | 0x14001E1F8 | 0x0001E810 | 0x0001B410 | 0x000004FF |
| WaitForSingleObject | - | 0x14001E200 | 0x0001E818 | 0x0001B418 | 0x000005BB |
| GetCurrentProcess | - | 0x14001E208 | 0x0001E820 | 0x0001B420 | 0x0000020F |
| GetVersionExW | - | 0x14001E210 | 0x0001E828 | 0x0001B428 | 0x0000030E |
msvcrt.dll (26)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| ??3@YAXPEAX@Z | - | 0x14001E2D8 | 0x0001E8F0 | 0x0001B4F0 | 0x00000015 |
| ??2@YAPEAX_K@Z | - | 0x14001E2E0 | 0x0001E8F8 | 0x0001B4F8 | 0x00000013 |
| _vsnwprintf | - | 0x14001E2E8 | 0x0001E900 | 0x0001B500 | 0x0000036A |
| _XcptFilter | - | 0x14001E2F0 | 0x0001E908 | 0x0001B508 | 0x00000056 |
| _amsg_exit | - | 0x14001E2F8 | 0x0001E910 | 0x0001B510 | 0x000000AF |
| _wcsnicmp | - | 0x14001E300 | 0x0001E918 | 0x0001B518 | 0x00000395 |
| _wcsicmp | - | 0x14001E308 | 0x0001E920 | 0x0001B520 | 0x0000038B |
| memcpy | - | 0x14001E310 | 0x0001E928 | 0x0001B528 | 0x00000493 |
| _purecall | - | 0x14001E318 | 0x0001E930 | 0x0001B530 | 0x0000029F |
| _wtoi | - | 0x14001E320 | 0x0001E938 | 0x0001B538 | 0x00000406 |
| __wgetmainargs | - | 0x14001E328 | 0x0001E940 | 0x0001B540 | 0x0000009E |
| __set_app_type | - | 0x14001E330 | 0x0001E948 | 0x0001B548 | 0x0000008F |
| exit | - | 0x14001E338 | 0x0001E950 | 0x0001B550 | 0x00000433 |
| _exit | - | 0x14001E340 | 0x0001E958 | 0x0001B558 | 0x0000010F |
| _cexit | - | 0x14001E348 | 0x0001E960 | 0x0001B560 | 0x000000C2 |
| __setusermatherr | - | 0x14001E350 | 0x0001E968 | 0x0001B568 | 0x00000091 |
| _initterm | - | 0x14001E358 | 0x0001E970 | 0x0001B570 | 0x0000017E |
| __C_specific_handler | - | 0x14001E360 | 0x0001E978 | 0x0001B578 | 0x00000058 |
| _fmode | - | 0x14001E368 | 0x0001E980 | 0x0001B580 | 0x00000128 |
| _commode | - | 0x14001E370 | 0x0001E988 | 0x0001B588 | 0x000000D3 |
| _lock | - | 0x14001E378 | 0x0001E990 | 0x0001B590 | 0x000001E7 |
| _unlock | - | 0x14001E380 | 0x0001E998 | 0x0001B598 | 0x00000342 |
| __dllonexit | - | 0x14001E388 | 0x0001E9A0 | 0x0001B5A0 | 0x0000007C |
| _onexit | - | 0x14001E390 | 0x0001E9A8 | 0x0001B5A8 | 0x00000291 |
| ?terminate@@YAXXZ | - | 0x14001E398 | 0x0001E9B0 | 0x0001B5B0 | 0x00000030 |
| memset | - | 0x14001E3A0 | 0x0001E9B8 | 0x0001B5B8 | 0x00000497 |
ntdll.dll (22)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RtlSubAuthorityCountSid | - | 0x14001E3C0 | 0x0001E9D8 | 0x0001B5D8 | 0x0000051E |
| NtOpenProcessToken | - | 0x14001E3C8 | 0x0001E9E0 | 0x0001B5E0 | 0x00000186 |
| RtlCopySid | - | 0x14001E3D0 | 0x0001E9E8 | 0x0001B5E8 | 0x000002ED |
| RtlLengthSid | - | 0x14001E3D8 | 0x0001E9F0 | 0x0001B5F0 | 0x00000448 |
| RtlGetNtProductType | - | 0x14001E3E0 | 0x0001E9F8 | 0x0001B5F8 | 0x000003C9 |
| RtlInitUnicodeString | - | 0x14001E3E8 | 0x0001EA00 | 0x0001B600 | 0x000003F7 |
| RtlSubAuthoritySid | - | 0x14001E3F0 | 0x0001EA08 | 0x0001B608 | 0x0000051F |
| RtlInitializeSid | - | 0x14001E3F8 | 0x0001EA10 | 0x0001B610 | 0x0000040A |
| RtlDeleteResource | - | 0x14001E400 | 0x0001EA18 | 0x0001B618 | 0x00000330 |
| RtlReleaseResource | - | 0x14001E408 | 0x0001EA20 | 0x0001B620 | 0x000004C5 |
| RtlAcquireResourceExclusive | - | 0x14001E410 | 0x0001EA28 | 0x0001B628 | 0x00000279 |
| RtlEqualSid | - | 0x14001E418 | 0x0001EA30 | 0x0001B630 | 0x00000368 |
| RtlVirtualUnwind | - | 0x14001E420 | 0x0001EA38 | 0x0001B638 | 0x0000056C |
| RtlLookupFunctionEntry | - | 0x14001E428 | 0x0001EA40 | 0x0001B640 | 0x0000045D |
| RtlCaptureContext | - | 0x14001E430 | 0x0001EA48 | 0x0001B648 | 0x000002BB |
| NtDuplicateToken | - | 0x14001E438 | 0x0001EA50 | 0x0001B650 | 0x00000132 |
| NtQueryInformationToken | - | 0x14001E440 | 0x0001EA58 | 0x0001B658 | 0x000001B4 |
| NtQuerySystemInformation | - | 0x14001E448 | 0x0001EA60 | 0x0001B660 | 0x000001CC |
| NtGetCachedSigningLevel | - | 0x14001E450 | 0x0001EA68 | 0x0001B668 | 0x0000014C |
| RtlInitializeResource | - | 0x14001E458 | 0x0001EA70 | 0x0001B670 | 0x00000407 |
| NtOpenThreadToken | - | 0x14001E460 | 0x0001EA78 | 0x0001B678 | 0x0000018E |
| NtClose | - | 0x14001E468 | 0x0001EA80 | 0x0001B680 | 0x000000EB |
ole32.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CoReleaseServerProcess | - | 0x14001E478 | 0x0001EA90 | 0x0001B690 | 0x00000071 |
| CoInitializeSecurity | - | 0x14001E480 | 0x0001EA98 | 0x0001B698 | 0x00000055 |
| CoTaskMemFree | - | 0x14001E488 | 0x0001EAA0 | 0x0001B6A0 | 0x0000007F |
| CoTaskMemAlloc | - | 0x14001E490 | 0x0001EAA8 | 0x0001B6A8 | 0x0000007E |
| CoRevokeClassObject | - | 0x14001E498 | 0x0001EAB0 | 0x0001B6B0 | 0x00000075 |
| CoRegisterClassObject | - | 0x14001E4A0 | 0x0001EAB8 | 0x0001B6B8 | 0x00000069 |
| CoCreateInstance | - | 0x14001E4A8 | 0x0001EAC0 | 0x0001B6C0 | 0x0000001E |
| CoInitializeEx | - | 0x14001E4B0 | 0x0001EAC8 | 0x0001B6C8 | 0x00000054 |
| CoUninitialize | - | 0x14001E4B8 | 0x0001EAD0 | 0x0001B6D0 | 0x00000083 |
| CoAddRefServerProcess | - | 0x14001E4C0 | 0x0001EAD8 | 0x0001B6D8 | 0x00000014 |
USER32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SystemParametersInfoW | - | 0x14001E2C0 | 0x0001E8D8 | 0x0001B4D8 | 0x00000337 |
| UpdatePerUserSystemParameters | - | 0x14001E2C8 | 0x0001E8E0 | 0x0001B4E0 | 0x0000035E |
RPCRT4.dll (10)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| RpcBindingCreateW | - | 0x14001E220 | 0x0001E838 | 0x0001B438 | 0x0000016C |
| RpcBindingBind | - | 0x14001E228 | 0x0001E840 | 0x0001B440 | 0x00000169 |
| I_RpcExceptionFilter | - | 0x14001E230 | 0x0001E848 | 0x0001B448 | 0x0000002E |
| RpcSsDestroyClientContext | - | 0x14001E238 | 0x0001E850 | 0x0001B450 | 0x000001FB |
| RpcBindingFree | - | 0x14001E240 | 0x0001E858 | 0x0001B458 | 0x0000016D |
| RpcStringBindingComposeW | - | 0x14001E248 | 0x0001E860 | 0x0001B460 | 0x00000206 |
| RpcBindingFromStringBindingW | - | 0x14001E250 | 0x0001E868 | 0x0001B468 | 0x0000016F |
| RpcStringFreeW | - | 0x14001E258 | 0x0001E870 | 0x0001B470 | 0x0000020A |
| NdrClientCall3 | - | 0x14001E260 | 0x0001E878 | 0x0001B478 | 0x0000009D |
| I_RpcMapWin32Status | - | 0x14001E268 | 0x0001E880 | 0x0001B480 | 0x00000041 |
SAMLIB.dll (8)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| SamFreeMemory | - | 0x14001E278 | 0x0001E890 | 0x0001B490 | 0x00000015 |
| SamConnect | - | 0x14001E280 | 0x0001E898 | 0x0001B498 | 0x00000007 |
| SamOpenDomain | - | 0x14001E288 | 0x0001E8A0 | 0x0001B4A0 | 0x00000021 |
| SamCloseHandle | - | 0x14001E290 | 0x0001E8A8 | 0x0001B4A8 | 0x00000006 |
| SamQuerySecurityObject | - | 0x14001E298 | 0x0001E8B0 | 0x0001B4B0 | 0x0000002B |
| SamQueryInformationUser | - | 0x14001E2A0 | 0x0001E8B8 | 0x0001B4B8 | 0x00000029 |
| SamOpenUser | - | 0x14001E2A8 | 0x0001E8C0 | 0x0001B4C0 | 0x00000023 |
| SamQueryInformationDomain | - | 0x14001E2B0 | 0x0001E8C8 | 0x0001B4C8 | 0x00000027 |
winbio.dll (4)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| WinBioGetLogonSetting | - | 0x14001E4E0 | 0x0001EAF8 | 0x0001B6F8 | 0x0000001D |
| WinBioGetEnabledSetting | - | 0x14001E4E8 | 0x0001EB00 | 0x0001B700 | 0x0000001C |
| WinBioRemoveAllCredentials | - | 0x14001E4F0 | 0x0001EB08 | 0x0001B708 | 0x0000002E |
| WinBioGetDomainLogonSetting | - | 0x14001E4F8 | 0x0001EB10 | 0x0001B710 | 0x0000001B |
samcli.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetUserGetInfo | - | 0x14001E4D0 | 0x0001EAE8 | 0x0001B6E8 | 0x0000001B |
netutils.dll (1)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| NetApiBufferFree | - | 0x14001E3B0 | 0x0001E9C8 | 0x0001B5C8 | 0x00000001 |
AUTHZ.dll (6)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| AuthzFreeContext | - | 0x14001E0F8 | 0x0001E710 | 0x0001B310 | 0x00000008 |
| AuthzAccessCheck | - | 0x14001E100 | 0x0001E718 | 0x0001B318 | 0x00000000 |
| AuthzAddSidsToContext | - | 0x14001E108 | 0x0001E720 | 0x0001B320 | 0x00000001 |
| AuthzInitializeContextFromSid | - | 0x14001E110 | 0x0001E728 | 0x0001B328 | 0x0000000E |
| AuthzInitializeResourceManager | - | 0x14001E118 | 0x0001E730 | 0x0001B330 | 0x00000014 |
| AuthzFreeResourceManager | - | 0x14001E120 | 0x0001E738 | 0x0001B338 | 0x0000000A |
Digital Signature Information
»
| Verification Status | Valid |
Certificate: Microsoft Windows
»
| Issued by | Microsoft Windows |
| Parent Certificate | Microsoft Windows Production PCA 2011 |
| Country Name | US |
| Valid From | 2014-07-01 20:32 (UTC) |
| Valid Until | 2015-10-01 20:32 (UTC) |
| Algorithm | sha256_rsa |
| Serial Number | 33 00 00 00 4E A1 D8 07 70 A9 BB E9 44 00 00 00 00 00 4E |
| Thumbprint | DF 3B 9B 7E 5A EA 1A A0 B8 2E A2 5F 54 2A 6A 00 96 3A B8 90 |
Certificate: Microsoft Windows Production PCA 2011
»
| Issued by | Microsoft Windows Production PCA 2011 |
| Country Name | US |
| Valid From | 2011-10-19 18:41 (UTC) |
| Valid Until | 2026-10-19 18:51 (UTC) |
| Algorithm | sha256_rsa |
| Serial Number | 61 07 76 56 00 00 00 00 00 08 |
| Thumbprint | 58 0A 6F 4C C4 E4 B6 69 B9 EB DC 1B 2B 3E 08 7B 80 D0 67 8D |
| Also Known As |
C:\\Users\\Public\\sppsvc.rtf (Accessed File, Dropped File)
\??\C:\Users\Public\sppsvc.rtf (Accessed File) |
| MIME Type | text/plain |
| File Size | 3.12 MB |
| MD5 |
83ef0f7a6726422634048c43787acca1
|
| SHA1 |
2e77b0acc1445efc8f9cd39b0ee16c427a1da036
|
| SHA256 |
d75816f61033c8522e7d76cfa4fee2a1ce99d22fbd63d4f41e8e8c374f889b79
|
| SSDeep |
24576:14GyU3geVVP6IU/p1Pa2VXF0OOSykYSvvV7YZgWgOK7bkCEy3ismhZ0IOmFn7PkP:A
|
| ImpHash | - |
| C:\ProgramData\sfsfdrgrre\logs.dat | Dropped File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 1.79 KB |
| MD5 |
e931567490360d8a78f4ed88a81d1b4b
|
| SHA1 |
65f5c5dfaba9ec4ff45b265518741365a464a63b
|
| SHA256 |
a1e5e7bdae9c0539cae8cceea46cfe4963dbdd550ceabc828aac0157c13c699e
|
| SSDeep |
48:PcRExvvnDExvvlExvvlExvvlExvvK1ExvvlExvvzExvv1Exvv2ExvvlExvvn:P3vn8vmvmvmv1vmvMvWvVvmvn
|
| ImpHash | - |
| MIME Type | text/plain |
| File Size | 100 Bytes |
| MD5 |
b98bd1d6c7d05122c07ccf21a73d51ae
|
| SHA1 |
a1005c311810b8770cd79f1ba6ce841b933eb776
|
| SHA256 |
8e62046961cb16bd3e86b7868a099b79e7506021cd19c43e27b02ce8dc4b221b
|
| SSDeep |
3:HRAbABGQYmTWAX+rSF55i0XMQWcKovsb73cPc:HRYFVmTWDyz9fE74c
|
| ImpHash | - |
| MIME Type | text/plain |
| File Size | 4 Bytes |
| MD5 |
ab6ca5a78cd39bf8699287b535e72595
|
| SHA1 |
9e82ed6493a7ea6f6c6d3ff7e5efa887aba1f454
|
| SHA256 |
49b7905b38fe9a56996f8340bcedbf62f50a6aa572a70c9be031090e3905fe5e
|
| SSDeep |
3:ly:8
|
| ImpHash | - |
| C:\Windows\cer340D.tmp | Dropped File | Empty |
Clean
|
...
|
»
| Also Known As |
C:\Windows\cer4860.tmp (Accessed File, Dropped File)
|
| MIME Type | application/x-empty |
| File Size | 0 Bytes (not extracted) |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
| ImpHash | - |
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\79498dis\json[1].json | Downloaded File | Unknown |
Clean
|
...
|
»
| MIME Type | application/json |
| File Size | 947 Bytes |
| MD5 |
9a9020606df2e6f9c39ec0cd6a8266ed
|
| SHA1 |
d62a38eababa86e1e7b3f87d996100677350d02a
|
| SHA256 |
4c5119a08279195257dbcf699c9563b7d9cebfd75d87ac474bb1aa98408c374b
|
| SSDeep |
12:tkzxnd6UGkMyGWKyGXPVGArwY31JWvAadHfGdA2mOEmE9F3im51w73d9VX+F6oj3:q5dVauKyGX85+PEg6m73vVXdCIfi
|
| ImpHash | - |
| c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 128 Bytes |
| MD5 |
7f3a42a8f26deb5eba26ce36c4056b1b
|
| SHA1 |
6f192ae623d3e538a5dcdaa571af5e7f869bfc81
|
| SHA256 |
0315dff9329f9a35b194d26d383ab0a1dd07a7d96dc340a1d5ce0e015f78ca69
|
| SSDeep |
3:/lrll/llVl:
|
| ImpHash | - |
| 416bfd9ea83f3245ac7fe4938f42215df1c87456a683fd44061310f2c75ff259 | Extracted File | Image |
Clean
Known to be clean.
|
...
|
»
| Parent File | C:\Users\Public\alpha.exe |
| MIME Type | image/png |
| File Size | 5.65 KB |
| MD5 |
2b0579cb5b0956aa92b0f608b96cd443
|
| SHA1 |
561ebd0ffd3b0de6ab9b58191a4fd6142eca1d44
|
| SHA256 |
416bfd9ea83f3245ac7fe4938f42215df1c87456a683fd44061310f2c75ff259
|
| SSDeep |
96:QDNBlWX6P9RugvGV37y6Txsr5u12UEqMYRyu9+1+bYZKwD0PPMOw1UX2zdRwc:Qh7WmdGVRK5UHN04yMa1UqR
|
| ImpHash | - |
File Reputation Information
»
| Verdict |
Clean
Known to be clean.
|
